bd412927a418596edd51b322b23fda37605263a31421704197447ca2f0a7d957 | Triage

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14-03-2023 18:20

Sharing

Report Analysis Logs

General

Target

1.bat
Size

67B
MD5

14b2f12ce100f88af44c34a952766f16
SHA1

c47330cc87bad8220ce6720a5804f4ee43b78254
SHA256

bd412927a418596edd51b322b23fda37605263a31421704197447ca2f0a7d957
SHA512

b41f55e9430c150d99f31a0b692eb2fc813a885b0dc39b58d1855d6cc5ee201066eeef8b2ca25dc3d20c7a2eafbb6a5cf3f320fecd944e9e16d670182ced3c69

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 764	1200	cmd.exe	29
PID 1200 wrote to memory of 764	1200	cmd.exe	29
PID 1200 wrote to memory of 764	1200	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\1.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Windows\system32\rundll32.exe
  rundll32.exe 1694568.cvs,#8, InetCpl.Cpl, ClearMyTracksByProcess 11
  2⤵
  PID:764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads