9475d84b7704e5f856f251c061ed7bd3c858829ff1c80741c1b5c36af5471edc | Triage

Analysis

max time kernel
258s
max time network
263s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 19:47

Sharing

Report Analysis Logs

General

Target

Innovatoz/Innovatoz.bat
Size

385B
MD5

54435389c5f490843e04469990581b93
SHA1

f7f2f7c3ca41c9899db892b21565d476f432564d
SHA256

1e6257ddcb9683f0b7f4c1eeaadad18d3d0a7d03852330ee980a9f5ca7abfa66
SHA512

4e97fbea4b1a2a13f9899184548f97ba9615fc456f9f66b11d1fd84ab21969b0b50b415a2c001d2f97419d948b826a6f05a1de67eddbf4e0d425d1533dc1e0ea

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

cmd.exe

description pid process target process

PID 4936 wrote to memory of 860 4936 cmd.exe mode.com
PID 4936 wrote to memory of 860 4936 cmd.exe mode.com

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Innovatoz\Innovatoz.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4936

C:\Windows\system32\mode.com
mode 160,50
2⤵
PID:860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...