4c4f3756a56db801fc2ec0e01b5bf5b3eb26bd16e933838a9e70a5474c8ed20a | Triage

Analysis

max time kernel
1s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
12-02-2024 19:29

Sharing

Report Analysis Logs

General

Target

start_tool.bat
Size

17B
MD5

65e5c7f827460ebb2e3f180200afe86e
SHA1

776d739c2a0286844a4e8ea7cbac1e33e97afb4e
SHA256

4c4f3756a56db801fc2ec0e01b5bf5b3eb26bd16e933838a9e70a5474c8ed20a
SHA512

124758083ba5b72fd896a7f468eafc5d9c7ed185a16c4bf5d3735123b0f7c663be20fc4e00f1e785d08fc65f316e123fb4d74c6a1758217ccbc9f6d1c0e52895

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2368 wrote to memory of 2324	2368	cmd.exe	AppInstallerPythonRedirector.exe
PID 2368 wrote to memory of 2324	2368	cmd.exe	AppInstallerPythonRedirector.exe
PID 2368 wrote to memory of 2324	2368	cmd.exe	AppInstallerPythonRedirector.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\start_tool.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
python atio.py
2⤵
PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads