2556244f35ee5a97eac5552f45ebcd5de78f5f586e8c5dbaad261ed6d1788994

Analysis

max time kernel
139s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 01:06

Target

HistoryCleaner.bat
Size

283KB
MD5

d93d9ea7a0f1238593c2f4e427841476
SHA1

1efdcbca1fa12cffc9541e0ea54fd2df69a152c3
SHA256

2556244f35ee5a97eac5552f45ebcd5de78f5f586e8c5dbaad261ed6d1788994
SHA512

df29d36d1e7180514be490d789a8db2f45564d0af66a848e962a30030f33e89c0df8191dbf79a2fab0c9a13581fc644f835e9aebd9303c250e424aeeda1d2769
SSDEEP

768:EMpZfO/KZzmezF/svUsfg8gVhCBL1oPYdxCA1n5xpoL8oPlRPrPEPupL5LvLpLjK:ZZfGg8gUDRnvplQL5LvLpLjLn6zhzp

Score

1^/10

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 3760	3100	cmd.exe	84
PID 3100 wrote to memory of 3760	3100	cmd.exe	84

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\HistoryCleaner.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3100
- C:\Windows\system32\cacls.exe
  "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
  2⤵
  PID:3760