d9cff10fdaa4188539b41ba0d1662c09ceb26071e202483da4e218c358ffbd27 | Triage

Analysis

max time kernel
138s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2023, 14:28

Sharing

Report Analysis Logs

General

Target

terraria_adv_6.1/Home键在哪里/虚拟键盘.bat
Size

3B
MD5

7ff180711661c8e7f8941e72ca7ed522
SHA1

84f0476efdca0c1c948a668f44dc9cf739ba9f1a
SHA256

eb7f7e76f935aa9332dcc3ecdbe83acd336545227d4ebeef88b0935d0cadd99a
SHA512

96acc2c9415750ff98c8405a1df27d9ac3049112cc2eaba2591a00a53f8bb600117f30d78d5613414dc56ea49b0046ef725adf361528f3e840ac5e4e4d2346b2

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2392	osk.exe
2392	osk.exe
2392	osk.exe
2392	osk.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 2392	2260	cmd.exe	84
PID 2260 wrote to memory of 2392	2260	cmd.exe	84

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\terraria_adv_6.1\Home键在哪里\虚拟键盘.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Windows\system32\osk.exe
  osk
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads