0f4644d54f8a320f70b6ae844935169afcf53adca45f893f602a7e4b05f1e117 | Triage

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
23/11/2023, 05:02

Sharing

Report Analysis Logs

General

Target

2023年度税务稽查随机抽查结果公示.bat
Size

755B
MD5

c51d62ed06393ebc666d6502db7cbfe0
SHA1

74191948fb92f2b07c5a1548494db62cf7eb176f
SHA256

4bc640750e57fb736f2d9fea735c5767df187a73f1ab4b109546385314558fa6
SHA512

32797ed675c04f93663ea64aa173625dcef495e2ac859c9f3a369d217fca3ff09bd0ef3425c86b53c4ab165e9b790e2840396f693eba22bb1ffda00dd00b4c3b

Score

1^/10

Malware Config

Signatures

Runs regedit.exe 1 IoCs

pid	Process
2620	regedit.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2620	2840	cmd.exe	29
PID 2840 wrote to memory of 2620	2840	cmd.exe	29
PID 2840 wrote to memory of 2620	2840	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2023年度税务稽查随机抽查结果公示.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Windows\regedit.exe
  C:\Windows\Regedit.exe /S "C:\Users\Admin\AppData\Local\Temp\~wqwxzau.tmp"
  2⤵
  - Runs regedit.exe
  PID:2620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~wqwxzau.tmp

Filesize
150B

MD5
b04c40ad79773f348459b90d1be49de6

SHA1
b28e0ee65e6ae2d3655d46fb4dbc1e828077d4a1

SHA256
505cb14eeed9ee1be46b7e8c4f325dd64203318eb7b78de5be2627d3a05b3c24

SHA512
bb9437caf83952208ddfb6d4aba9cc8d2b7edca5027679f06cd4512372ccf4aa9eec301a1a92a2ae97b6bcc95de21103a7d2220aba3d332a0bc2dce972a699f2

Download Submit