95d60cd2c564773a198e9fd75b9584fb1ee8613e5a8664c3b419fcba629736b1

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 02:51

Target

黑客风云全套抓鸡工具/1433.bat
Size

1KB
MD5

8bb50b97954e49897d35746fe4a70e99
SHA1

3ee42ada95d8e490472fe35b670495b1fad3043a
SHA256

900aafbff9329e46eea707a49170c4bff998a9741fcd37e0b438cffcb8f57f29
SHA512

48f64c49ea3a7b1910b9f4a62a7350d0f4b175c9b4e41bc12f6a2445faf45e9b4b4196ea846db07f77c1aa437d455617ad60914a389fc66c0aa6e87db3f1e516

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 2840	2316	cmd.exe	17
PID 2316 wrote to memory of 2840	2316	cmd.exe	17
PID 2316 wrote to memory of 2840	2316	cmd.exe	17

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\黑客风云全套抓鸡工具\1433.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\黑客风云全套抓鸡工具\ip.txt
  2⤵
  PID:2840

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact