3ee59459573b3cd30af648d4bc46e81d0350d6dda15dce3f45ca3a1a835ff608

Resubmissions

07/03/2023, 13:26

max time kernel
27s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
07/03/2023, 13:26

Target

ISSetupPrerequisites/USBWin8.bat
Size

72B
MD5

306d0c087795c34e27308a787947d130
SHA1

9399a7fec392844973ef5ed3c2b7dda46c4f0578
SHA256

f661626802bc4cf3394cee22c991a272fb083dd8f856279798b7b097c2336b53
SHA512

d333ae68c2127191fb3e9a6186217360aab8afe7e2bf2b5df76db596440fabd32e50c315edf33593a4964bb6d323d56d3ed5fbf9324e172555e8e672e3a0c997

Score

1^/10

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
1880	certutil.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 1880	1476	cmd.exe	28
PID 1476 wrote to memory of 1880	1476	cmd.exe	28
PID 1476 wrote to memory of 1880	1476	cmd.exe	28
PID 1476 wrote to memory of 1880	1476	cmd.exe	28

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\ISSetupPrerequisites\USBWin8.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Users\Admin\AppData\Local\Temp\ISSetupPrerequisites\certutil.exe
  certutil.exe -p 1354 -importPFX cdcseries.pfx
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:1880
- C:\Users\Admin\AppData\Local\Temp\ISSetupPrerequisites\PnPutil.exe
  pnputil.exe -a usbser.inf
  2⤵
  PID:520