f1f219c3c61e1cdd64e2034ecd81e7476e86d59d407d0364753cf13efaa580e2

Analysis

max time kernel
118s
max time network
137s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 13:49

Target

okkk.bat
Size

242B
MD5

8964acdcbd316bd4846fa4baa9840609
SHA1

465ec38bd8a77affb506dae3bef78efb2e2d6bdf
SHA256

f1f219c3c61e1cdd64e2034ecd81e7476e86d59d407d0364753cf13efaa580e2
SHA512

54d83048d69cc961e5b82d8e52817c5faeb5a2b2c78b0dbf83efeb7e0b38d114eec3fb15e574716fda1c1a02ad96c172fe90de530feb0d1388195005af8f4cab

Score

1^/10

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 3056	2728	cmd.exe	29
PID 2728 wrote to memory of 3056	2728	cmd.exe	29
PID 2728 wrote to memory of 3056	2728	cmd.exe	29
PID 2728 wrote to memory of 2588	2728	cmd.exe	30
PID 2728 wrote to memory of 2588	2728	cmd.exe	30
PID 2728 wrote to memory of 2588	2728	cmd.exe	30
PID 2728 wrote to memory of 2592	2728	cmd.exe	31
PID 2728 wrote to memory of 2592	2728	cmd.exe	31
PID 2728 wrote to memory of 2592	2728	cmd.exe	31
PID 2728 wrote to memory of 2660	2728	cmd.exe	32
PID 2728 wrote to memory of 2660	2728	cmd.exe	32
PID 2728 wrote to memory of 2660	2728	cmd.exe	32
PID 2728 wrote to memory of 2664	2728	cmd.exe	33
PID 2728 wrote to memory of 2664	2728	cmd.exe	33
PID 2728 wrote to memory of 2664	2728	cmd.exe	33
PID 2660 wrote to memory of 2640	2660	cmd.exe	38
PID 2660 wrote to memory of 2640	2660	cmd.exe	38
PID 2660 wrote to memory of 2640	2660	cmd.exe	38
PID 2588 wrote to memory of 2624	2588	cmd.exe	39
PID 2588 wrote to memory of 2624	2588	cmd.exe	39
PID 2588 wrote to memory of 2624	2588	cmd.exe	39
PID 2592 wrote to memory of 2644	2592	cmd.exe	40
PID 2592 wrote to memory of 2644	2592	cmd.exe	40
PID 2592 wrote to memory of 2644	2592	cmd.exe	40
PID 2664 wrote to memory of 2232	2664	cmd.exe	41
PID 2664 wrote to memory of 2232	2664	cmd.exe	41
PID 2664 wrote to memory of 2232	2664	cmd.exe	41

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\okkk.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Windows\system32\msg.exe
  msg * you have successfully downloaded porn
  2⤵
  PID:3056
- C:\Windows\system32\cmd.exe
  cmd /c msg * you are retarded
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Windows\system32\msg.exe
    msg * you are retarded
    3⤵
    PID:2624
- C:\Windows\system32\cmd.exe
  cmd /c msg * please kys now u worthless pedo
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2592
- - C:\Windows\system32\msg.exe
    msg * please kys now u worthless pedo
    3⤵
    PID:2644
- C:\Windows\system32\cmd.exe
  cmd /c msg * what would your mother think?
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Windows\system32\msg.exe
    msg * what would your mother think?
    3⤵
    PID:2640
- C:\Windows\system32\cmd.exe
  cmd /c msg * tell your family I said hey
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Windows\system32\msg.exe
    msg * tell your family I said hey
    3⤵
    PID:2232