45382baeb9f5a73ce3578de0a287fdfbc87e6b2216c286e760d109b06e9db165 | Triage

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2023 11:57

Sharing

Report Analysis Logs

General

Target

text adventurever3.bat
Size

3KB
MD5

29d3edcf5047ca0ceb7b4454d524ec3a
SHA1

b3227190c9279cf728ba560bb8941b63f4fd5a95
SHA256

45382baeb9f5a73ce3578de0a287fdfbc87e6b2216c286e760d109b06e9db165
SHA512

b3f643494970e72ed28099b5932f7e32e17845f81a9f98c6d17bb9c4bc637cd3eac77ad349b98ddcc9011a2e858459a585a6f3a9598ba74f10288c93d55e4006

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 2 IoCs

pid	Process
5108	timeout.exe
2376	timeout.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3712 wrote to memory of 5108	3712	cmd.exe	83
PID 3712 wrote to memory of 5108	3712	cmd.exe	83
PID 3712 wrote to memory of 2376	3712	cmd.exe	86
PID 3712 wrote to memory of 2376	3712	cmd.exe	86

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\text adventurever3.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3712
- C:\Windows\system32\timeout.exe
  timeout /t 3 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:5108
- C:\Windows\system32\timeout.exe
  timeout /t 3 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads