978fdefda71ea96172e9c5af6a407cf9081f58ebef89efcedee4dbd299cce884 | Triage

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 00:13

Sharing

Report Analysis Logs

General

Target

uboot_netconsole.bat
Size

220B
MD5

95a70ff36c05dbc99f44f1fa65719762
SHA1

b6334aa6fac7b450245fc5c17ebc85cc735e18b9
SHA256

f5ee230f914528446770d2cb7e9d4ec1a5993154c1c8b1c5cfbf14c9a0d40ef3
SHA512

a3991d3e45520a6722d46dde7e2faee715d7e57e69fc7db5323effadc303599676b66d026d481cd83db49cc75d0f37a1fc43ca71a000278716807af48284a774

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2312	2508	cmd.exe	29
PID 2508 wrote to memory of 2312	2508	cmd.exe	29
PID 2508 wrote to memory of 2312	2508	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\uboot_netconsole.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Users\Admin\AppData\Local\Temp\nc64.exe
  .\nc64 -u -l -p 6666
  2⤵
  PID:2312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2312-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download