29ab6c8045019877917b8bc0750f01fd1bd001d6b4db884b5a3c5ffa54c99d40

Analysis

max time kernel
29s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01/03/2023, 18:50

Target

USB HDD BOX - 2 Partition Bootable.cmd
Size

9KB
MD5

e8bf8230b10b1772468ff3b3451520dc
SHA1

41541d3d416611963219830d7d19e8f89c10a632
SHA256

29ab6c8045019877917b8bc0750f01fd1bd001d6b4db884b5a3c5ffa54c99d40
SHA512

82ad94c8f4021774bbb80248aa2448e8bf777603f3697571ee62a559b66598818bb72ef1b39a6ad2d437f42c55f6382b4480b001766aa1820a9c544d9cac511c
SSDEEP

96:9OoeYVeO4u2b4NClLJVlLJsbOMJl5Ol5Q9wq1CePjkBiXeXkZtMZtLs6k4:gKQzFkQlJVlJsiGLOLQiqYGKXWgVs6k4

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 1452	1524	cmd.exe	28
PID 1524 wrote to memory of 1452	1524	cmd.exe	28
PID 1524 wrote to memory of 1452	1524	cmd.exe	28

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\USB HDD BOX - 2 Partition Bootable.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Windows\system32\mode.com
  mode con lines=20 cols=100
  2⤵
  PID:1452