978fdefda71ea96172e9c5af6a407cf9081f58ebef89efcedee4dbd299cce884 | Triage

Analysis

max time kernel
142s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 00:13

Sharing

Report Analysis Logs

General

Target

netconsole.bat
Size

219B
MD5

0d0b90a3129aeb8bef6ff2952c5a19bf
SHA1

dc2d97451aaa5496977cec39da5202d81b8ea1f9
SHA256

d2bed025c1b8b989080dd5a00572be5ccc35f3f63323cbd1da65e9d5385d5023
SHA512

2720fd19f146b23f08219016a23731e78fe304c892fe7a81ee99f9b1d862b60f6bbe2c028b056c41d93f7d9f05bdede8057dc4f2d1d48fa422a02a40dd828690

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2276	2256	cmd.exe	29
PID 2256 wrote to memory of 2276	2256	cmd.exe	29
PID 2256 wrote to memory of 2276	2256	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\netconsole.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Users\Admin\AppData\Local\Temp\nc64.exe
  .\nc64 -u -l -p 6664
  2⤵
  PID:2276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2276-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download