2579432ae4c617d7db76f8613f574e91be6815df1b363d0f5b2405a26e7af29b | Triage

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
14-01-2023 03:48

Sharing

Report Analysis Logs

General

Target

Drive.bat
Size

49B
MD5

597213dd9c57d314fad85c8b95b0bb2a
SHA1

c02d0ed76273b0d595882e5917f87f6156f9dfd4
SHA256

2579432ae4c617d7db76f8613f574e91be6815df1b363d0f5b2405a26e7af29b
SHA512

b7e3bce448c7e439be825cc75ed3b59dd5d46e4e1e479007b0e30c66af00534de49dd81e47445533aa21ff9846708ca89a261a4b9d8c3c2c355d13346dd8bef0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 984	2028	cmd.exe	28
PID 2028 wrote to memory of 984	2028	cmd.exe	28
PID 2028 wrote to memory of 984	2028	cmd.exe	28

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Drive.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\system32\wscript.exe
  wscript "867\oypqehpn.js"
  2⤵
  PID:984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/984-54-0x0000000000000000-mapping.dmp

Download