74b6aee99a28a6f2cc3bd0a2ab0a25a4d31efbba70c60639a3bfecdd067999cd

Analysis

max time kernel
162s
max time network
125s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
23/10/2023, 13:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

batchfuscation
Size

7.8MB
MD5

bb7ef09a7808c882abb7b735dcce312b
SHA1

eef0cf44d66da28877553b101ea759d2dc711f04
SHA256

74b6aee99a28a6f2cc3bd0a2ab0a25a4d31efbba70c60639a3bfecdd067999cd
SHA512

43e54d7c92c2e9872315ba79d6bbdeaf0167366b366ea8cd87eb385f9a86ac6bff819589df1a0648ade99456078d1205bd4410ca6374077188ffedb28bafc7fe
SSDEEP

3072:5ms6cy9/ODeCk2o638fu2BK5YWLfZHNi3eVNEegtPHLWjCSDaZQwgs7tg1gQ7pSm:N

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 688	2104	cmd.exe	37
PID 2104 wrote to memory of 688	2104	cmd.exe	37
PID 2104 wrote to memory of 688	2104	cmd.exe	37
PID 2104 wrote to memory of 1908	2104	cmd.exe	38
PID 2104 wrote to memory of 1908	2104	cmd.exe	38
PID 2104 wrote to memory of 1908	2104	cmd.exe	38
PID 2104 wrote to memory of 1148	2104	cmd.exe	39
PID 2104 wrote to memory of 1148	2104	cmd.exe	39
PID 2104 wrote to memory of 1148	2104	cmd.exe	39
PID 2104 wrote to memory of 2836	2104	cmd.exe	40
PID 2104 wrote to memory of 2836	2104	cmd.exe	40
PID 2104 wrote to memory of 2836	2104	cmd.exe	40
PID 2104 wrote to memory of 900	2104	cmd.exe	41
PID 2104 wrote to memory of 900	2104	cmd.exe	41
PID 2104 wrote to memory of 900	2104	cmd.exe	41
PID 2104 wrote to memory of 2904	2104	cmd.exe	42
PID 2104 wrote to memory of 2904	2104	cmd.exe	42
PID 2104 wrote to memory of 2904	2104	cmd.exe	42
PID 2104 wrote to memory of 2852	2104	cmd.exe	43
PID 2104 wrote to memory of 2852	2104	cmd.exe	43
PID 2104 wrote to memory of 2852	2104	cmd.exe	43
PID 2104 wrote to memory of 2892	2104	cmd.exe	44
PID 2104 wrote to memory of 2892	2104	cmd.exe	44
PID 2104 wrote to memory of 2892	2104	cmd.exe	44
PID 2104 wrote to memory of 2876	2104	cmd.exe	45
PID 2104 wrote to memory of 2876	2104	cmd.exe	45
PID 2104 wrote to memory of 2876	2104	cmd.exe	45
PID 2104 wrote to memory of 2860	2104	cmd.exe	46
PID 2104 wrote to memory of 2860	2104	cmd.exe	46
PID 2104 wrote to memory of 2860	2104	cmd.exe	46
PID 2104 wrote to memory of 2428	2104	cmd.exe	47
PID 2104 wrote to memory of 2428	2104	cmd.exe	47
PID 2104 wrote to memory of 2428	2104	cmd.exe	47
PID 2104 wrote to memory of 2236	2104	cmd.exe	48
PID 2104 wrote to memory of 2236	2104	cmd.exe	48
PID 2104 wrote to memory of 2236	2104	cmd.exe	48
PID 2104 wrote to memory of 2348	2104	cmd.exe	49
PID 2104 wrote to memory of 2348	2104	cmd.exe	49
PID 2104 wrote to memory of 2348	2104	cmd.exe	49
PID 2104 wrote to memory of 2900	2104	cmd.exe	50
PID 2104 wrote to memory of 2900	2104	cmd.exe	50
PID 2104 wrote to memory of 2900	2104	cmd.exe	50
PID 2104 wrote to memory of 2856	2104	cmd.exe	51
PID 2104 wrote to memory of 2856	2104	cmd.exe	51
PID 2104 wrote to memory of 2856	2104	cmd.exe	51
PID 2104 wrote to memory of 2848	2104	cmd.exe	52
PID 2104 wrote to memory of 2848	2104	cmd.exe	52
PID 2104 wrote to memory of 2848	2104	cmd.exe	52
PID 2104 wrote to memory of 2864	2104	cmd.exe	53
PID 2104 wrote to memory of 2864	2104	cmd.exe	53
PID 2104 wrote to memory of 2864	2104	cmd.exe	53
PID 2104 wrote to memory of 1876	2104	cmd.exe	54
PID 2104 wrote to memory of 1876	2104	cmd.exe	54
PID 2104 wrote to memory of 1876	2104	cmd.exe	54
PID 2104 wrote to memory of 1156	2104	cmd.exe	55
PID 2104 wrote to memory of 1156	2104	cmd.exe	55
PID 2104 wrote to memory of 1156	2104	cmd.exe	55
PID 2104 wrote to memory of 2484	2104	cmd.exe	56
PID 2104 wrote to memory of 2484	2104	cmd.exe	56
PID 2104 wrote to memory of 2484	2104	cmd.exe	56
PID 2104 wrote to memory of 2532	2104	cmd.exe	57
PID 2104 wrote to memory of 2532	2104	cmd.exe	57
PID 2104 wrote to memory of 2532	2104	cmd.exe	57
PID 2104 wrote to memory of 1976	2104	cmd.exe	58

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\batchfuscation
1⤵
PID:2180

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\system32\cmd.exe
  cmd /c exit 97
  2⤵
  PID:688
- C:\Windows\system32\cmd.exe
  cmd /c exit 98
  2⤵
  PID:1908
- C:\Windows\system32\cmd.exe
  cmd /c exit 99
  2⤵
  PID:1148
- C:\Windows\system32\cmd.exe
  cmd /c exit 100
  2⤵
  PID:2836
- C:\Windows\system32\cmd.exe
  cmd /c exit 101
  2⤵
  PID:900
- C:\Windows\system32\cmd.exe
  cmd /c exit 102
  2⤵
  PID:2904
- C:\Windows\system32\cmd.exe
  cmd /c exit 103
  2⤵
  PID:2852
- C:\Windows\system32\cmd.exe
  cmd /c exit 104
  2⤵
  PID:2892
- C:\Windows\system32\cmd.exe
  cmd /c exit 105
  2⤵
  PID:2876
- C:\Windows\system32\cmd.exe
  cmd /c exit 106
  2⤵
  PID:2860
- C:\Windows\system32\cmd.exe
  cmd /c exit 107
  2⤵
  PID:2428
- C:\Windows\system32\cmd.exe
  cmd /c exit 108
  2⤵
  PID:2236
- C:\Windows\system32\cmd.exe
  cmd /c exit 109
  2⤵
  PID:2348
- C:\Windows\system32\cmd.exe
  cmd /c exit 110
  2⤵
  PID:2900
- C:\Windows\system32\cmd.exe
  cmd /c exit 111
  2⤵
  PID:2856
- C:\Windows\system32\cmd.exe
  cmd /c exit 112
  2⤵
  PID:2848
- C:\Windows\system32\cmd.exe
  cmd /c exit 113
  2⤵
  PID:2864
- C:\Windows\system32\cmd.exe
  cmd /c exit 114
  2⤵
  PID:1876
- C:\Windows\system32\cmd.exe
  cmd /c exit 115
  2⤵
  PID:1156
- C:\Windows\system32\cmd.exe
  cmd /c exit 116
  2⤵
  PID:2484
- C:\Windows\system32\cmd.exe
  cmd /c exit 117
  2⤵
  PID:2532
- C:\Windows\system32\cmd.exe
  cmd /c exit 118
  2⤵
  PID:1976
- C:\Windows\system32\cmd.exe
  cmd /c exit 120
  2⤵
  PID:956
- C:\Windows\system32\cmd.exe
  cmd /c exit 119
  2⤵
  PID:2068
- C:\Windows\system32\cmd.exe
  cmd /c exit 121
  2⤵
  PID:2248
- C:\Windows\system32\cmd.exe
  cmd /c exit 122
  2⤵
  PID:2412
- C:\Windows\system32\cmd.exe
  cmd /c exit 65
  2⤵
  PID:2400
- C:\Windows\system32\cmd.exe
  cmd /c exit 66
  2⤵
  PID:2380
- C:\Windows\system32\cmd.exe
  cmd /c exit 67
  2⤵
  PID:1164
- C:\Windows\system32\cmd.exe
  cmd /c exit 68
  2⤵
  PID:1804
- C:\Windows\system32\cmd.exe
  cmd /c exit 69
  2⤵
  PID:1356
- C:\Windows\system32\cmd.exe
  cmd /c exit 70
  2⤵
  PID:1996
- C:\Windows\system32\cmd.exe
  cmd /c exit 71
  2⤵
  PID:1284
- C:\Windows\system32\cmd.exe
  cmd /c exit 72
  2⤵
  PID:1884
- C:\Windows\system32\cmd.exe
  cmd /c exit 73
  2⤵
  PID:1428
- C:\Windows\system32\cmd.exe
  cmd /c exit 74
  2⤵
  PID:1792
- C:\Windows\system32\cmd.exe
  cmd /c exit 75
  2⤵
  PID:1292
- C:\Windows\system32\cmd.exe
  cmd /c exit 76
  2⤵
  PID:1600
- C:\Windows\system32\cmd.exe
  cmd /c exit 77
  2⤵
  PID:1824
- C:\Windows\system32\cmd.exe
  cmd /c exit 78
  2⤵
  PID:948
- C:\Windows\system32\cmd.exe
  cmd /c exit 79
  2⤵
  PID:1308
- C:\Windows\system32\cmd.exe
  cmd /c exit 80
  2⤵
  PID:2136
- C:\Windows\system32\cmd.exe
  cmd /c exit 81
  2⤵
  PID:1532
- C:\Windows\system32\cmd.exe
  cmd /c exit 82
  2⤵
  PID:1992
- C:\Windows\system32\cmd.exe
  cmd /c exit 83
  2⤵
  PID:1904
- C:\Windows\system32\cmd.exe
  cmd /c exit 84
  2⤵
  PID:1984
- C:\Windows\system32\cmd.exe
  cmd /c exit 85
  2⤵
  PID:2000
- C:\Windows\system32\cmd.exe
  cmd /c exit 86
  2⤵
  PID:2004
- C:\Windows\system32\cmd.exe
  cmd /c exit 87
  2⤵
  PID:1880
- C:\Windows\system32\cmd.exe
  cmd /c exit 88
  2⤵
  PID:280
- C:\Windows\system32\cmd.exe
  cmd /c exit 89
  2⤵
  PID:1684
- C:\Windows\system32\cmd.exe
  cmd /c exit 90
  2⤵
  PID:1360
- C:\Windows\system32\cmd.exe
  cmd /c exit 48
  2⤵
  PID:556
- C:\Windows\system32\cmd.exe
  cmd /c exit 49
  2⤵
  PID:2432
- C:\Windows\system32\cmd.exe
  cmd /c exit 50
  2⤵
  PID:2936
- C:\Windows\system32\cmd.exe
  cmd /c exit 51
  2⤵
  PID:672
- C:\Windows\system32\cmd.exe
  cmd /c exit 52
  2⤵
  PID:2372
- C:\Windows\system32\cmd.exe
  cmd /c exit 53
  2⤵
  PID:1100
- C:\Windows\system32\cmd.exe
  cmd /c exit 54
  2⤵
  PID:2132
- C:\Windows\system32\cmd.exe
  cmd /c exit 55
  2⤵
  PID:2384
- C:\Windows\system32\cmd.exe
  cmd /c exit 56
  2⤵
  PID:1228
- C:\Windows\system32\cmd.exe
  cmd /c exit 57
  2⤵
  PID:1868
- C:\Windows\system32\cmd.exe
  cmd /c exit 123
  2⤵
  PID:1772
- C:\Windows\system32\cmd.exe
  cmd /c exit 125
  2⤵
  PID:3056
- C:\Windows\system32\cmd.exe
  cmd /c exit 63
  2⤵
  PID:1020
- C:\Windows\system32\cmd.exe
  cmd /c exit 58
  2⤵
  PID:2332
- C:\Windows\system32\cmd.exe
  cmd /c exit 46
  2⤵
  PID:1108
- C:\Windows\system32\cmd.exe
  cmd /c exit 61
  2⤵
  PID:2456
- C:\Windows\system32\cmd.exe
  cmd /c exit 44
  2⤵
  PID:1608
- C:\Windows\system32\cmd.exe
  cmd /c exit 95
  2⤵
  PID:2984

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads