c66764b9b25f873613f9ce6267429ef507a422b2254eea47147b658b259c4c72 | Triage

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
19/09/2023, 17:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

text adventure.bat
Size

3KB
MD5

48fa72821444ef8642f728bc3f964ddf
SHA1

1e63a500592f50643c8614d45f58ab06a13813c6
SHA256

c66764b9b25f873613f9ce6267429ef507a422b2254eea47147b658b259c4c72
SHA512

3a57d42116d0026cb8123c5cdd59400931b60c3fffbe0a7a84cfd9dce6420b29032a2f7c4cd391066d24df4e0ee7a7c83fc6d267b0b51dee5088cd8d55cdd832

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 2 IoCs

pid	Process
2584	timeout.exe
1892	timeout.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2584	2432	cmd.exe	1
PID 2432 wrote to memory of 2584	2432	cmd.exe	1
PID 2432 wrote to memory of 2584	2432	cmd.exe	1
PID 2432 wrote to memory of 1892	2432	cmd.exe	30
PID 2432 wrote to memory of 1892	2432	cmd.exe	30
PID 2432 wrote to memory of 1892	2432	cmd.exe	30

C:\Windows\system32\timeout.exe
timeout /t 3 /nobreak
1⤵
- Delays execution with timeout.exe
PID:2584

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\text adventure.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\system32\timeout.exe
  timeout /t 3 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads