5f228573fe33f63464bb6d2b713d6195d3d6b40ef901d78040127df6cd1a762c | Triage

Analysis

max time kernel
30s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23/04/2023, 15:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

69420.bat
Size

723B
MD5

498973f9d236e5ac5bec53a81460f7a5
SHA1

8c6e4e493d01feaaae2c3449201e75add858b442
SHA256

5f228573fe33f63464bb6d2b713d6195d3d6b40ef901d78040127df6cd1a762c
SHA512

73999b8653187abd4cbe8558433d19ff0e3a26f3acea8f49bc9299d1b4c7b7d920fefa9f6414ed7e88d530f9f2460bc8b18233959953f60d87aeebd4e73639b4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 932 wrote to memory of 956	932	cmd.exe	28
PID 932 wrote to memory of 956	932	cmd.exe	28
PID 932 wrote to memory of 956	932	cmd.exe	28

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\69420.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:932
- C:\Windows\system32\cipher.exe
  cipher /e "34gvoyh657346gv234vl5kw6"
  2⤵
  PID:956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads