60dbaed2358a02ed2102cc2158c05fce9bba87674d68f1114198423bd8460a93

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
13/07/2023, 22:39

Target

1.bat
Size

9KB
MD5

4b2794840b114be5011da81ad4c462d8
SHA1

66cf9461efa6fb1e55af037515121d2a856670ac
SHA256

60dbaed2358a02ed2102cc2158c05fce9bba87674d68f1114198423bd8460a93
SHA512

28d60ca188d99af1e6338d97cbcde497f5325c1a7da132b7d8f9c29a630d93570b488db40bc3ded89fa96c04153298b6a15128f641fcb1134cfa8d933d9e8b2c
SSDEEP

192:JhSy/Ogy0+OPN3b9h5gIZpiuhHA9waK+FJYY9gUeYzUEo1UfUu:JhSy/Ogy0+OPN3b1gBuRAzKEJD6G

Score

1^/10

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 848	2300	cmd.exe	29
PID 2300 wrote to memory of 848	2300	cmd.exe	29
PID 2300 wrote to memory of 848	2300	cmd.exe	29
PID 2300 wrote to memory of 2536	2300	cmd.exe	30
PID 2300 wrote to memory of 2536	2300	cmd.exe	30
PID 2300 wrote to memory of 2536	2300	cmd.exe	30
PID 2300 wrote to memory of 3068	2300	cmd.exe	31
PID 2300 wrote to memory of 3068	2300	cmd.exe	31
PID 2300 wrote to memory of 3068	2300	cmd.exe	31
PID 2300 wrote to memory of 2376	2300	cmd.exe	32
PID 2300 wrote to memory of 2376	2300	cmd.exe	32
PID 2300 wrote to memory of 2376	2300	cmd.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\1.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Windows\system32\cmd.exe
  cmd.exe /c C:\ProgramData\sett.bat"
  2⤵
  PID:848
- C:\Windows\system32\cmd.exe
  cmd.exe /c C:\ProgramData\7z.bat"
  2⤵
  PID:2536
- C:\Windows\system32\cmd.exe
  cmd.exe /c C:\ProgramData\2.bat"
  2⤵
  PID:3068
- C:\Windows\system32\cmd.exe
  cmd.exe /c C:\ProgramData\2.bat"
  2⤵
  PID:2376

C:\ProgramData\2.bat

Filesize
232B

MD5
6011bc3aa00cc9eefa63bd07c9676678

SHA1
9c8fb9c006ab9787254bd6ade3194a90c24d66c9

SHA256
5a8a48a2be136200954f5f81de68363d5dd8c82489dacae5d6b717b598634079

SHA512
93869d542de437ce4514c745153284163305256f4673139a91ce9253ea329941b1fc273ccb3c0a2710e761ad41698a3f96ea0a5516ab3f436a5ead82572d36ba

Download Submit
C:\ProgramData\7z.bat

Filesize
239B

MD5
67404b0103100e3452532b69a46aa33f

SHA1
4bc62bfaecc1a4c5c95d906e2b64e161933f9965

SHA256
6f1624a63e0713b8c0f86a461e9ce955f0d7eef8d4d3cdacf0b79e3ae843f19c

SHA512
4c7f3e63746179413915f308dea04cf668f909a4111caa479b633587137483ff7af548e2aab7180617cc5a6363884151f546a58b0b40a7bdb7edc3024bb26989

Download Submit
C:\ProgramData\sett.bat

Filesize
248B

MD5
7d1c3743cb7af1f479ef8a94c1dc44da

SHA1
228abfe62f4f166bb0881e273c2bd6bffb3167d4

SHA256
434d977609d8c580895a2b3b74f0948e2670bdeef5d06a1325c4940264b95f6c

SHA512
e00f310e0c09b0e78ee98e8c1efdbb2caf6cac0e5fde51536123443f54f271c0232b4521c02de5083eb18cc03d350d37a0cb1ed2da58c6a0830b5462def34276

Download Submit