f6c2d0b8bd9246f4e0d5dae254b54f621d22ddd43ab1014f91777c4334c42865

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
30/10/2023, 05:46

Target

CI 84394.cmd.exe
Size

330KB
MD5

3debb64ab0c057b634d3bd9410f604c9
SHA1

afa15e95c6a2c6bf7bcbbda238851320a6011ac2
SHA256

f6c2d0b8bd9246f4e0d5dae254b54f621d22ddd43ab1014f91777c4334c42865
SHA512

28a86e2de2aba7bf42d203932bb4394516a3acbe5ec1bd606db8af4a49e8b2df2f6ab8772a37c597ed8a5d68df3432ea7813cdbe7c63a0b8ad7e72044a5cb3d3
SSDEEP

6144:53OazRkHn3DeQLJhpSS4TBFYjtLYE2Odtyqd72frQQD:53OazmqQLJ21B6JYrOiqo/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 1728	2012	CI 84394.cmd.exe	28
PID 2012 wrote to memory of 1728	2012	CI 84394.cmd.exe	28
PID 2012 wrote to memory of 1728	2012	CI 84394.cmd.exe	28
PID 2012 wrote to memory of 1728	2012	CI 84394.cmd.exe	28
PID 2012 wrote to memory of 1728	2012	CI 84394.cmd.exe	28
PID 2012 wrote to memory of 1728	2012	CI 84394.cmd.exe	28
PID 2012 wrote to memory of 1728	2012	CI 84394.cmd.exe	28

C:\Users\Admin\AppData\Local\Temp\CI 84394.cmd.exe
"C:\Users\Admin\AppData\Local\Temp\CI 84394.cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  2⤵
  PID:1728

memory/2012-1-0x00000000746F0000-0x0000000074DDE000-memory.dmp

Filesize
6.9MB

Download
memory/2012-0-0x0000000000D10000-0x0000000000D68000-memory.dmp

Filesize
352KB

Download
memory/2012-2-0x0000000000830000-0x0000000000884000-memory.dmp

Filesize
336KB

Download
memory/2012-3-0x0000000000310000-0x0000000000350000-memory.dmp

Filesize
256KB

Download
memory/2012-4-0x0000000000560000-0x000000000056A000-memory.dmp

Filesize
40KB

Download
memory/2012-5-0x00000000746F0000-0x0000000074DDE000-memory.dmp

Filesize
6.9MB

Download