b3291fe7caaef81f1db2b10df676fc8f14813318937ec79aa9f542c56749d281

Analysis

max time kernel
4s
max time network
8s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2023, 05:15

Target

Testu.bat
Size

588KB
MD5

5600e4b99b8c78ee46bf2956d6654055
SHA1

c8da4cbabf904ce79fd38cab39876e52db7fe56a
SHA256

b3291fe7caaef81f1db2b10df676fc8f14813318937ec79aa9f542c56749d281
SHA512

d0fcbdc01111df461c1a2700baa58fadf8362f6ccbb7846223932ce88c75bb68c0a935a90b9182bd52af850d2ea329fc07189cb0c1409c920b5d096a9877c14d
SSDEEP

768:8gmmerehWt9IZB8SXR4jme4WTdw0BazPxjY1PTfyEpJMAVKhdEgto4EiQ8kd5nak:Ybls4zs9ozyKMh96IhCdjR

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4340 wrote to memory of 620	4340	cmd.exe	87
PID 4340 wrote to memory of 620	4340	cmd.exe	87
PID 620 wrote to memory of 4716	620	cmd.exe	88
PID 620 wrote to memory of 4716	620	cmd.exe	88

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Testu.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v "CurrentBuild" 2>NUL
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:620
- - C:\Windows\system32\reg.exe
    reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v "CurrentBuild"
    3⤵
    PID:4716