5a20e04136554ce266c226e3ffda53265e7c876b049258a63b764769e582856d | Triage

Analysis

max time kernel
146s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2023 16:00

Sharing

Report Analysis Logs

General

Target

Other/crypt.cmd
Size

37B
MD5

7cc66ddbca6c4b139eff6309c918dd69
SHA1

15e816c78b1e924f86229e39e6c7a6307d1a5f0b
SHA256

18c584543621ebece7dd456614dcc194a70b1c69e30ba396b519521740e8a7cb
SHA512

73bf6eb9dd12dde89e0aa6d69caa1c45ddd24e6447f9cec1666699ef056a2cbcafe1982e1446e51a31988e2b00df6d691a4c07f114a0e445270ef25e9fc07e7a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 4056	740	cmd.exe	81
PID 740 wrote to memory of 4056	740	cmd.exe	81
PID 740 wrote to memory of 4056	740	cmd.exe	81

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Other\crypt.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:740
- C:\Users\Admin\AppData\Local\Temp\Other\xor.exe
  xor x0rb0t str.cfg str.h 1
  2⤵
  PID:4056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads