d6b2b400095332ac2e10cb0e673185641dc2f203610c03958c151554e382945b

Analysis

max time kernel
85s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31/03/2023, 18:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

aa.bat
Size

345B
MD5

20da6a81261545b46713b200b27ae3b5
SHA1

f649ced37d0036491daad892a826bbd5d7489e05
SHA256

d6b2b400095332ac2e10cb0e673185641dc2f203610c03958c151554e382945b
SHA512

40494351c453a410089cf2d2fbad87c9262bafb48bc8d5a1ab90ed1f95e2f9405e5164cb6ac94ecd6558e9ba03aa15b698033da8f22477a676c050e1839fd494

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 54 IoCs

description	pid	Process	procid_target
PID 652 wrote to memory of 5020	652	cmd.exe	83
PID 652 wrote to memory of 5020	652	cmd.exe	83
PID 652 wrote to memory of 2180	652	cmd.exe	85
PID 652 wrote to memory of 2180	652	cmd.exe	85
PID 652 wrote to memory of 1324	652	cmd.exe	87
PID 652 wrote to memory of 1324	652	cmd.exe	87
PID 652 wrote to memory of 1368	652	cmd.exe	88
PID 652 wrote to memory of 1368	652	cmd.exe	88
PID 652 wrote to memory of 3364	652	cmd.exe	91
PID 652 wrote to memory of 3364	652	cmd.exe	91
PID 652 wrote to memory of 3468	652	cmd.exe	93
PID 652 wrote to memory of 3468	652	cmd.exe	93
PID 652 wrote to memory of 3120	652	cmd.exe	94
PID 652 wrote to memory of 3120	652	cmd.exe	94
PID 652 wrote to memory of 3908	652	cmd.exe	96
PID 652 wrote to memory of 3908	652	cmd.exe	96
PID 652 wrote to memory of 3944	652	cmd.exe	97
PID 652 wrote to memory of 3944	652	cmd.exe	97
PID 652 wrote to memory of 4456	652	cmd.exe	101
PID 652 wrote to memory of 4456	652	cmd.exe	101
PID 652 wrote to memory of 220	652	cmd.exe	102
PID 652 wrote to memory of 220	652	cmd.exe	102
PID 652 wrote to memory of 4024	652	cmd.exe	105
PID 652 wrote to memory of 4024	652	cmd.exe	105
PID 652 wrote to memory of 4444	652	cmd.exe	107
PID 652 wrote to memory of 4444	652	cmd.exe	107
PID 652 wrote to memory of 4464	652	cmd.exe	108
PID 652 wrote to memory of 4464	652	cmd.exe	108
PID 652 wrote to memory of 4736	652	cmd.exe	111
PID 652 wrote to memory of 4736	652	cmd.exe	111
PID 652 wrote to memory of 5008	652	cmd.exe	113
PID 652 wrote to memory of 5008	652	cmd.exe	113
PID 652 wrote to memory of 3384	652	cmd.exe	118
PID 652 wrote to memory of 3384	652	cmd.exe	118
PID 652 wrote to memory of 1132	652	cmd.exe	114
PID 652 wrote to memory of 1132	652	cmd.exe	114
PID 652 wrote to memory of 1644	652	cmd.exe	116
PID 652 wrote to memory of 1644	652	cmd.exe	116
PID 652 wrote to memory of 928	652	cmd.exe	120
PID 652 wrote to memory of 928	652	cmd.exe	120
PID 652 wrote to memory of 1752	652	cmd.exe	121
PID 652 wrote to memory of 1752	652	cmd.exe	121
PID 652 wrote to memory of 4172	652	cmd.exe	125
PID 652 wrote to memory of 4172	652	cmd.exe	125
PID 652 wrote to memory of 4796	652	cmd.exe	127
PID 652 wrote to memory of 4796	652	cmd.exe	127
PID 652 wrote to memory of 4428	652	cmd.exe	129
PID 652 wrote to memory of 4428	652	cmd.exe	129
PID 652 wrote to memory of 2860	652	cmd.exe	131
PID 652 wrote to memory of 2860	652	cmd.exe	131
PID 652 wrote to memory of 4668	652	cmd.exe	132
PID 652 wrote to memory of 4668	652	cmd.exe	132
PID 652 wrote to memory of 3320	652	cmd.exe	133
PID 652 wrote to memory of 3320	652	cmd.exe	133

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\aa.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:652
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5020
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2180
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1324
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1368
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3364
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3468
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3120
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3908
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3944
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4456
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:220
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4024
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4444
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4464
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4736
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5008
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1132
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1644
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3384
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:928
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1752
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4172
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4796
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4428
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2860
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4668
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3320

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads