a477748c4ef7a444d88ee8e540c0e453a17bed975be0eb8abff0a74ef0240cb4 | Triage

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23/04/2023, 15:30

Sharing

Report Analysis Logs

General

Target

69420.bat
Size

723B
MD5

37d793841ba1a61b89c9c8fc19f6b5ad
SHA1

5672ee0147389d73749f36c6e111c1191221737b
SHA256

a477748c4ef7a444d88ee8e540c0e453a17bed975be0eb8abff0a74ef0240cb4
SHA512

dc7759ad45163796df6cbdb5d7250072e13851056d6a08eedee2263e0fd753b02ef88dde269ae57e4b4318c7b5ce6cda4afe60c83eb0794fce99448991ceda02

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 836	1368	cmd.exe	29
PID 1368 wrote to memory of 836	1368	cmd.exe	29
PID 1368 wrote to memory of 836	1368	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\69420.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\system32\cipher.exe
  cipher /e "34gvoyh657346gv234vl5kw6"
  2⤵
  PID:836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads