Analysis
max time kernel: 1s
platform: windows11-21h2_x64
resource: win11-20231215-en
resource tags: arch:x64, arch:x86, image:win11-20231215-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 12-02-2024 19:29
Static task: static1
Behavioral task: behavioral1
Sample: start_tool.bat
Resource: win11-20231215-en (windows11-21h2-x64)
Signatures: 1
Run time: 150 seconds
General
Target: start_tool.bat
Size: 17B
MD5: 65e5c7f827460ebb2e3f180200afe86e
SHA1: 776d739c2a0286844a4e8ea7cbac1e33e97afb4e
SHA256: 4c4f3756a56db801fc2ec0e01b5bf5b3eb26bd16e933838a9e70a5474c8ed20a
SHA512: 124758083ba5b72fd896a7f468eafc5d9c7ed185a16c4bf5d3735123b0f7c663be20fc4e00f1e785d08fc65f316e123fb4d74c6a1758217ccbc9f6d1c0e52895
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                        | pid  | process | target process
PID 2368 wrote to memory of 2324   | 2368 | cmd.exe | AppInstallerPythonRedirector.exe
PID 2368 wrote to memory of 2324   | 2368 | cmd.exe | AppInstallerPythonRedirector.exe
PID 2368 wrote to memory of 2324   | 2368 | cmd.exe | AppInstallerPythonRedirector.exe
Processes
C:\Windows\system32\cmd.exe
  command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\start_tool.bat"
  PID: 2368
  signatures: Suspicious use of WriteProcessMemory
  child process:
    C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
      command line: python atio.py
      PID: 2324