Analysis
max time kernel: 85s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231020-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-11-2023 16:14
Static task
static1: 1 signatures
Behavioral task
behavioral1: Sample KFQH Blank Booking Form.bat.exe; Resource win7-20231023-en (windows7-x64); 5 signatures; 150 seconds
Behavioral task
behavioral2: Sample KFQH Blank Booking Form.bat.exe; Resource win10v2004-20231020-en (windows10-2004-x64); 1 signatures; 150 seconds
General
Target: KFQH Blank Booking Form.bat.exe
Size: 1.1MB
MD5: 0efb9fa85f31cf712388fcc55484bb96
SHA1: e7f209e7b91a6429c0d2ee24a869751d201f4e65
SHA256: e54a0d1fb979d19bf7cbf681df38b284bb5b1b9a5848e220bda941e0417bc7fc
SHA512: d34890aa9267c0d57bc46e33107e8626f6bb08e48966b7b742e402e597716025691dfc15c5cbdece980b29c974b89440cb9af13792214fc744cb7585550cb96a
SSDEEP: 24576:UZfxjLZisWPsuLkB/YAuseX7KvO1YAuJMi+sPV3GykDfMNVzCOgKIQtKoColK5da:0xjIPsMpAuserKvpAuJMi+sPV3GykDf0
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: KFQH Blank Booking Form.bat.exe
description | pid | process | target process
PID 1952 wrote to memory of 432 | 1952 | KFQH Blank Booking Form.bat.exe | AppLaunch.exe
PID 1952 wrote to memory of 432 | 1952 | KFQH Blank Booking Form.bat.exe | AppLaunch.exe
PID 1952 wrote to memory of 432 | 1952 | KFQH Blank Booking Form.bat.exe | AppLaunch.exe
Processes
- "C:\Users\Admin\AppData\Local\Temp\KFQH Blank Booking Form.bat.exe" (PID: 1952)
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe (PID: 432)