5cf506d9f6e78bab973e6ef5f5d7ab479ad507ffdbf142d589fa008d0bef1442 | Triage

Analysis

max time kernel
97s
max time network
89s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
22-12-2023 19:05

Sharing

Report Analysis Logs

General

Target

START.bat
Size

419B
MD5

e7a43b047392649be4a9390b7b5d09ec
SHA1

7190eb459f39b6b64a8d289b196e5a1dd9dbe32d
SHA256

5cf506d9f6e78bab973e6ef5f5d7ab479ad507ffdbf142d589fa008d0bef1442
SHA512

805c5ac23b6fc3fb7796670f1f024bd8d5dfb071e288966c27ec4f392accf09f2566c0e1941b5a78c5edab90200ac97687bfdd26767f79dae9ddaa999900ff43

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 1 IoCs

pid	Process
3744	timeout.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 3744	2404	cmd.exe	81
PID 2404 wrote to memory of 3744	2404	cmd.exe	81
PID 2404 wrote to memory of 3644	2404	cmd.exe	82
PID 2404 wrote to memory of 3644	2404	cmd.exe	82
PID 2404 wrote to memory of 3644	2404	cmd.exe	82

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\START.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\system32\timeout.exe
  timeout /t 5 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3744
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python menu.py
  2⤵
  PID:3644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads