45382baeb9f5a73ce3578de0a287fdfbc87e6b2216c286e760d109b06e9db165 | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 11:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

text adventurever3.bat
Size

3KB
MD5

29d3edcf5047ca0ceb7b4454d524ec3a
SHA1

b3227190c9279cf728ba560bb8941b63f4fd5a95
SHA256

45382baeb9f5a73ce3578de0a287fdfbc87e6b2216c286e760d109b06e9db165
SHA512

b3f643494970e72ed28099b5932f7e32e17845f81a9f98c6d17bb9c4bc637cd3eac77ad349b98ddcc9011a2e858459a585a6f3a9598ba74f10288c93d55e4006

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 2 IoCs

pid	Process
2620	timeout.exe
1960	timeout.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2620	2228	cmd.exe	29
PID 2228 wrote to memory of 2620	2228	cmd.exe	29
PID 2228 wrote to memory of 2620	2228	cmd.exe	29
PID 2228 wrote to memory of 1960	2228	cmd.exe	30
PID 2228 wrote to memory of 1960	2228	cmd.exe	30
PID 2228 wrote to memory of 1960	2228	cmd.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\text adventurever3.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\system32\timeout.exe
  timeout /t 3 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2620
- C:\Windows\system32\timeout.exe
  timeout /t 3 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads