411d51196ee0f5306a91684d6691f79b7b708f5c001f231db4b9e9a730772be2

Analysis

max time kernel
95s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23/10/2023, 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

batchfusc.bat
Size

7.8MB
MD5

5dd4bbb574b73c1095e56daccfe2e5bf
SHA1

67a62e4777a9bae0c700dc903caaf044d45eec6f
SHA256

411d51196ee0f5306a91684d6691f79b7b708f5c001f231db4b9e9a730772be2
SHA512

dda9d6571efeae4655b6abe3adca86f4e0837ce810e2c7a141ffbf0ed933c77d61b44f02214441b46f8141fa71cdcf7691e5c11e0d50c74480dbd352eecc7762
SSDEEP

3072:5ms6cy9/ODeCk2o638fu2BK5YWLfZHNi3eVNEegtPHLWjCSDaZQwgs7tg1gQ7pSD:q

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 792	5024	cmd.exe	87
PID 5024 wrote to memory of 792	5024	cmd.exe	87
PID 5024 wrote to memory of 3488	5024	cmd.exe	88
PID 5024 wrote to memory of 3488	5024	cmd.exe	88
PID 5024 wrote to memory of 1008	5024	cmd.exe	89
PID 5024 wrote to memory of 1008	5024	cmd.exe	89
PID 5024 wrote to memory of 228	5024	cmd.exe	91
PID 5024 wrote to memory of 228	5024	cmd.exe	91
PID 5024 wrote to memory of 1940	5024	cmd.exe	92
PID 5024 wrote to memory of 1940	5024	cmd.exe	92
PID 5024 wrote to memory of 3340	5024	cmd.exe	93
PID 5024 wrote to memory of 3340	5024	cmd.exe	93
PID 5024 wrote to memory of 216	5024	cmd.exe	94
PID 5024 wrote to memory of 216	5024	cmd.exe	94
PID 5024 wrote to memory of 1616	5024	cmd.exe	95
PID 5024 wrote to memory of 1616	5024	cmd.exe	95
PID 5024 wrote to memory of 3612	5024	cmd.exe	96
PID 5024 wrote to memory of 3612	5024	cmd.exe	96
PID 5024 wrote to memory of 3448	5024	cmd.exe	97
PID 5024 wrote to memory of 3448	5024	cmd.exe	97
PID 5024 wrote to memory of 3856	5024	cmd.exe	98
PID 5024 wrote to memory of 3856	5024	cmd.exe	98
PID 5024 wrote to memory of 3316	5024	cmd.exe	99
PID 5024 wrote to memory of 3316	5024	cmd.exe	99
PID 5024 wrote to memory of 4584	5024	cmd.exe	100
PID 5024 wrote to memory of 4584	5024	cmd.exe	100
PID 5024 wrote to memory of 5064	5024	cmd.exe	101
PID 5024 wrote to memory of 5064	5024	cmd.exe	101
PID 5024 wrote to memory of 1004	5024	cmd.exe	102
PID 5024 wrote to memory of 1004	5024	cmd.exe	102
PID 5024 wrote to memory of 4644	5024	cmd.exe	103
PID 5024 wrote to memory of 4644	5024	cmd.exe	103
PID 5024 wrote to memory of 1404	5024	cmd.exe	104
PID 5024 wrote to memory of 1404	5024	cmd.exe	104
PID 5024 wrote to memory of 4680	5024	cmd.exe	106
PID 5024 wrote to memory of 4680	5024	cmd.exe	106
PID 5024 wrote to memory of 1596	5024	cmd.exe	107
PID 5024 wrote to memory of 1596	5024	cmd.exe	107
PID 5024 wrote to memory of 1364	5024	cmd.exe	108
PID 5024 wrote to memory of 1364	5024	cmd.exe	108
PID 5024 wrote to memory of 4688	5024	cmd.exe	109
PID 5024 wrote to memory of 4688	5024	cmd.exe	109
PID 5024 wrote to memory of 1528	5024	cmd.exe	110
PID 5024 wrote to memory of 1528	5024	cmd.exe	110
PID 5024 wrote to memory of 776	5024	cmd.exe	111
PID 5024 wrote to memory of 776	5024	cmd.exe	111
PID 5024 wrote to memory of 3676	5024	cmd.exe	112
PID 5024 wrote to memory of 3676	5024	cmd.exe	112
PID 5024 wrote to memory of 1764	5024	cmd.exe	113
PID 5024 wrote to memory of 1764	5024	cmd.exe	113
PID 5024 wrote to memory of 1688	5024	cmd.exe	114
PID 5024 wrote to memory of 1688	5024	cmd.exe	114
PID 5024 wrote to memory of 1084	5024	cmd.exe	115
PID 5024 wrote to memory of 1084	5024	cmd.exe	115
PID 5024 wrote to memory of 920	5024	cmd.exe	117
PID 5024 wrote to memory of 920	5024	cmd.exe	117
PID 5024 wrote to memory of 4836	5024	cmd.exe	118
PID 5024 wrote to memory of 4836	5024	cmd.exe	118
PID 5024 wrote to memory of 748	5024	cmd.exe	119
PID 5024 wrote to memory of 748	5024	cmd.exe	119
PID 5024 wrote to memory of 5020	5024	cmd.exe	120
PID 5024 wrote to memory of 5020	5024	cmd.exe	120
PID 5024 wrote to memory of 2776	5024	cmd.exe	121
PID 5024 wrote to memory of 2776	5024	cmd.exe	121

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\batchfusc.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Windows\system32\cmd.exe
  cmd /c exit 97
  2⤵
  PID:792
- C:\Windows\system32\cmd.exe
  cmd /c exit 98
  2⤵
  PID:3488
- C:\Windows\system32\cmd.exe
  cmd /c exit 99
  2⤵
  PID:1008
- C:\Windows\system32\cmd.exe
  cmd /c exit 100
  2⤵
  PID:228
- C:\Windows\system32\cmd.exe
  cmd /c exit 101
  2⤵
  PID:1940
- C:\Windows\system32\cmd.exe
  cmd /c exit 102
  2⤵
  PID:3340
- C:\Windows\system32\cmd.exe
  cmd /c exit 103
  2⤵
  PID:216
- C:\Windows\system32\cmd.exe
  cmd /c exit 104
  2⤵
  PID:1616
- C:\Windows\system32\cmd.exe
  cmd /c exit 105
  2⤵
  PID:3612
- C:\Windows\system32\cmd.exe
  cmd /c exit 106
  2⤵
  PID:3448
- C:\Windows\system32\cmd.exe
  cmd /c exit 107
  2⤵
  PID:3856
- C:\Windows\system32\cmd.exe
  cmd /c exit 108
  2⤵
  PID:3316
- C:\Windows\system32\cmd.exe
  cmd /c exit 109
  2⤵
  PID:4584
- C:\Windows\system32\cmd.exe
  cmd /c exit 110
  2⤵
  PID:5064
- C:\Windows\system32\cmd.exe
  cmd /c exit 111
  2⤵
  PID:1004
- C:\Windows\system32\cmd.exe
  cmd /c exit 112
  2⤵
  PID:4644
- C:\Windows\system32\cmd.exe
  cmd /c exit 113
  2⤵
  PID:1404
- C:\Windows\system32\cmd.exe
  cmd /c exit 114
  2⤵
  PID:4680
- C:\Windows\system32\cmd.exe
  cmd /c exit 115
  2⤵
  PID:1596
- C:\Windows\system32\cmd.exe
  cmd /c exit 116
  2⤵
  PID:1364
- C:\Windows\system32\cmd.exe
  cmd /c exit 117
  2⤵
  PID:4688
- C:\Windows\system32\cmd.exe
  cmd /c exit 118
  2⤵
  PID:1528
- C:\Windows\system32\cmd.exe
  cmd /c exit 119
  2⤵
  PID:776
- C:\Windows\system32\cmd.exe
  cmd /c exit 120
  2⤵
  PID:3676
- C:\Windows\system32\cmd.exe
  cmd /c exit 121
  2⤵
  PID:1764
- C:\Windows\system32\cmd.exe
  cmd /c exit 122
  2⤵
  PID:1688
- C:\Windows\system32\cmd.exe
  cmd /c exit 65
  2⤵
  PID:1084
- C:\Windows\system32\cmd.exe
  cmd /c exit 66
  2⤵
  PID:920
- C:\Windows\system32\cmd.exe
  cmd /c exit 67
  2⤵
  PID:4836
- C:\Windows\system32\cmd.exe
  cmd /c exit 68
  2⤵
  PID:748
- C:\Windows\system32\cmd.exe
  cmd /c exit 69
  2⤵
  PID:5020
- C:\Windows\system32\cmd.exe
  cmd /c exit 70
  2⤵
  PID:2776
- C:\Windows\system32\cmd.exe
  cmd /c exit 71
  2⤵
  PID:3248
- C:\Windows\system32\cmd.exe
  cmd /c exit 72
  2⤵
  PID:3108
- C:\Windows\system32\cmd.exe
  cmd /c exit 73
  2⤵
  PID:3620
- C:\Windows\system32\cmd.exe
  cmd /c exit 74
  2⤵
  PID:5012
- C:\Windows\system32\cmd.exe
  cmd /c exit 75
  2⤵
  PID:4948
- C:\Windows\system32\cmd.exe
  cmd /c exit 76
  2⤵
  PID:3928
- C:\Windows\system32\cmd.exe
  cmd /c exit 77
  2⤵
  PID:2484
- C:\Windows\system32\cmd.exe
  cmd /c exit 78
  2⤵
  PID:5048
- C:\Windows\system32\cmd.exe
  cmd /c exit 79
  2⤵
  PID:420
- C:\Windows\system32\cmd.exe
  cmd /c exit 80
  2⤵
  PID:1800
- C:\Windows\system32\cmd.exe
  cmd /c exit 81
  2⤵
  PID:4592
- C:\Windows\system32\cmd.exe
  cmd /c exit 82
  2⤵
  PID:2224
- C:\Windows\system32\cmd.exe
  cmd /c exit 83
  2⤵
  PID:4740
- C:\Windows\system32\cmd.exe
  cmd /c exit 84
  2⤵
  PID:2576
- C:\Windows\system32\cmd.exe
  cmd /c exit 85
  2⤵
  PID:3476
- C:\Windows\system32\cmd.exe
  cmd /c exit 86
  2⤵
  PID:4264
- C:\Windows\system32\cmd.exe
  cmd /c exit 87
  2⤵
  PID:4456
- C:\Windows\system32\cmd.exe
  cmd /c exit 88
  2⤵
  PID:2092
- C:\Windows\system32\cmd.exe
  cmd /c exit 89
  2⤵
  PID:3516
- C:\Windows\system32\cmd.exe
  cmd /c exit 90
  2⤵
  PID:4968
- C:\Windows\system32\cmd.exe
  cmd /c exit 48
  2⤵
  PID:2624
- C:\Windows\system32\cmd.exe
  cmd /c exit 49
  2⤵
  PID:1768
- C:\Windows\system32\cmd.exe
  cmd /c exit 50
  2⤵
  PID:684
- C:\Windows\system32\cmd.exe
  cmd /c exit 51
  2⤵
  PID:2192
- C:\Windows\system32\cmd.exe
  cmd /c exit 52
  2⤵
  PID:2564
- C:\Windows\system32\cmd.exe
  cmd /c exit 53
  2⤵
  PID:2792
- C:\Windows\system32\cmd.exe
  cmd /c exit 54
  2⤵
  PID:4240
- C:\Windows\system32\cmd.exe
  cmd /c exit 55
  2⤵
  PID:4268
- C:\Windows\system32\cmd.exe
  cmd /c exit 56
  2⤵
  PID:1028
- C:\Windows\system32\cmd.exe
  cmd /c exit 57
  2⤵
  PID:2412
- C:\Windows\system32\cmd.exe
  cmd /c exit 123
  2⤵
  PID:464
- C:\Windows\system32\cmd.exe
  cmd /c exit 125
  2⤵
  PID:3672
- C:\Windows\system32\cmd.exe
  cmd /c exit 63
  2⤵
  PID:3820
- C:\Windows\system32\cmd.exe
  cmd /c exit 58
  2⤵
  PID:1380
- C:\Windows\system32\cmd.exe
  cmd /c exit 46
  2⤵
  PID:3864
- C:\Windows\system32\cmd.exe
  cmd /c exit 61
  2⤵
  PID:4004
- C:\Windows\system32\cmd.exe
  cmd /c exit 44
  2⤵
  PID:1132
- C:\Windows\system32\cmd.exe
  cmd /c exit 95
  2⤵
  PID:4764

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads