466cf0832a24b9a900aa36431f7fd69647c172c1c8054e233c473e83e50aa18f

Analysis

max time kernel
96s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24-03-2023 11:23

Target

StanesBeseeches/Inquisitorially.cmd
Size

740B
MD5

d83d6ffcd16cbcd4870671952976fda8
SHA1

c0f7e6f54c94579518567032d1f4eed04955ba2d
SHA256

1fb1db9d2e48ed64b4fe840d2e54095638cb424cfc4d325c2ad4cb910eadc287
SHA512

7908f22f6dc1f4f977bcc92c901ba64fab7b31bd3eb74d58e2a0dd0dc2e7ef7cdfa3fbf017f7f04105ed637f489cb896a1b09003a2a198be16ae812b5e359377

Score

7^/10

Executes dropped EXE 2 IoCs

Processes:

Mulmull.exeBassinet.exe

pid process

4896 Mulmull.exe
2696 Bassinet.exe

pid	process
4896	Mulmull.exe
2696	Bassinet.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2976 wrote to memory of 380	2976	cmd.exe	cmd.exe
PID 2976 wrote to memory of 380	2976	cmd.exe	cmd.exe
PID 2976 wrote to memory of 4752	2976	cmd.exe	xcopy.exe
PID 2976 wrote to memory of 4752	2976	cmd.exe	xcopy.exe
PID 2976 wrote to memory of 4964	2976	cmd.exe	cmd.exe
PID 2976 wrote to memory of 4964	2976	cmd.exe	cmd.exe
PID 2976 wrote to memory of 4756	2976	cmd.exe	xcopy.exe
PID 2976 wrote to memory of 4756	2976	cmd.exe	xcopy.exe
PID 2976 wrote to memory of 4896	2976	cmd.exe	Mulmull.exe
PID 2976 wrote to memory of 4896	2976	cmd.exe	Mulmull.exe
PID 2976 wrote to memory of 2696	2976	cmd.exe	Bassinet.exe
PID 2976 wrote to memory of 2696	2976	cmd.exe	Bassinet.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\StanesBeseeches\Inquisitorially.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2976

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo f"
2⤵
PID:380

C:\Windows\system32\xcopy.exe
xcopy C:\Windows\\\\\\system32\\\\\\wscript.exe C:\Users\Admin\AppData\Local\Temp\Bassinet.exe /h /s /e
2⤵
PID:4752

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo f"
2⤵
PID:4964

C:\Windows\system32\xcopy.exe
xcopy C:\Windows\\\\\\system32\\\\\\reg.exe C:\Users\Admin\AppData\Local\Temp\Mulmull.exe /h /s /e
2⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Mulmull.exe
C:\Users\Admin\AppData\Local\Temp\Mulmull.exe import chuhraFondled\longeveEctocondyle\PoliticizationCanoeist.Ifs
2⤵
- Executes dropped EXE
PID:4896

C:\Users\Admin\AppData\Local\Temp\Bassinet.exe
C:\Users\Admin\AppData\Local\Temp\Bassinet.exe chuhraFondled\longeveEctocondyle\UndersortPodalgia.wsf
2⤵
- Executes dropped EXE
PID:2696

C:\Users\Admin\AppData\Local\Temp\Bassinet.exe
Filesize
166KB

MD5
a47cbe969ea935bdd3ab568bb126bc80

SHA1
15f2facfd05daf46d2c63912916bf2887cebd98a

SHA256
34008e2057df8842df210246995385a0441dc1e081d60ad15bd481e062e7f100

SHA512
f5c81e6dc4d916944304fc85136e1ff6dee29a21e50a54fe6280a475343eccbfe094171d62475db5f38e07898c061126158c34d48b9d8f4f57f76d49e564e3fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Bassinet.exe
Filesize
166KB

MD5
a47cbe969ea935bdd3ab568bb126bc80

SHA1
15f2facfd05daf46d2c63912916bf2887cebd98a

SHA256
34008e2057df8842df210246995385a0441dc1e081d60ad15bd481e062e7f100

SHA512
f5c81e6dc4d916944304fc85136e1ff6dee29a21e50a54fe6280a475343eccbfe094171d62475db5f38e07898c061126158c34d48b9d8f4f57f76d49e564e3fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Mulmull.exe
Filesize
75KB

MD5
227f63e1d9008b36bdbcc4b397780be4

SHA1
c0db341defa8ef40c03ed769a9001d600e0f4dae

SHA256
c0e25b1f9b22de445298c1e96ddfcead265ca030fa6626f61a4a4786cc4a3b7d

SHA512
101907b994d828c83587c483b4984f36caf728b766cb7a417b549852a6207e2a3fe9edc8eff5eeab13e32c4cf1417a3adccc089023114ea81974c5e6b355fed9

Download Submit