492cac377c0e37a0459adc98293303db29f390ee99f6e2ab9bd8ed09509b6e03

Analysis

max time kernel
136s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2023 15:09

Target

492cac377c0e37a0459adc98293303db29f390ee99f6e2ab9bd8ed09509b6e03.bat
Size

1KB
MD5

97fc4e57730c3892589e27e70f03f167
SHA1

fdc4f5499ff09d773c55a9d66c8fae58e99f7a70
SHA256

492cac377c0e37a0459adc98293303db29f390ee99f6e2ab9bd8ed09509b6e03
SHA512

75f089ff50c837579270b430539e34602f6e3770ca05c148a4e0216d1ef3b7cfb2f43313ab08f2ef3b546612999bcfee7f820f13eac9143b597cd10d3b485f2a

Score

1^/10

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

pid	Process
2032	PING.EXE
4928	PING.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3636 wrote to memory of 2032	3636	cmd.exe	85
PID 3636 wrote to memory of 2032	3636	cmd.exe	85
PID 3636 wrote to memory of 4928	3636	cmd.exe	94
PID 3636 wrote to memory of 4928	3636	cmd.exe	94

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\492cac377c0e37a0459adc98293303db29f390ee99f6e2ab9bd8ed09509b6e03.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3636
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 50 -w 1000
  2⤵
  - Runs ping.exe
  PID:2032
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 50 -w 1000
  2⤵
  - Runs ping.exe
  PID:4928

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact