186c18ad276aa93b47ac826eef1925b9d15b0dc9cd6daf4c4ed89ba6df09b232 | Triage

Resubmissions

12-07-2023 22:24

230712-2bgvaseg77 10

12-07-2023 22:17

230712-17bsgsfg4x 6

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
12-07-2023 22:24

Sharing

Report Analysis Logs

General

Target

del.bat
Size

25B
MD5

90982e304ae9cac175b8953d8dac1034
SHA1

eabc2a4088796719de06f31fa7a086677dfa7c75
SHA256

186c18ad276aa93b47ac826eef1925b9d15b0dc9cd6daf4c4ed89ba6df09b232
SHA512

add6afd6dce66ffeb29519ea2daf326cb78dd9e19414d2428eba1cbd39a849dfe9a5d1918117b9469625b5233d45932b22b234ba5dc4eb4ed5cacae09d9bf3af

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 1172	2532	cmd.exe	29
PID 2532 wrote to memory of 1172	2532	cmd.exe	29
PID 2532 wrote to memory of 1172	2532	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\del.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" Del C:\ *.* "
  2⤵
  PID:1172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads