f2e4b9fdd539e4e57d4b36b59c86090ac4ddf78d2a3c132e5a8c0af4a5ca0d26

Analysis

max time kernel
143s
max time network
274s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 13:08

Target

BatchOS.bat
Size

21KB
MD5

a50c454a7c0caedcfa3c589f48adde9b
SHA1

b63d82471cbb23e07b3e6d4a6979a73cb1d71a14
SHA256

f2e4b9fdd539e4e57d4b36b59c86090ac4ddf78d2a3c132e5a8c0af4a5ca0d26
SHA512

5f9b0f45a3798db2a4dc2dfa2041cafc2fd354ff46c15864bfcc7bd988e409f1506a83d263d7c6c8f5de548fcc63a06ca6d1dbf501de175000715511e0cee62e
SSDEEP

192:gLSttr+AJILuomifFXZY4W3VfIpt0sMKB6A+Ic2LtDv3lvZHElgb1mT+VdKjolSt:VhclZY4N3+AhvodQ5CZt5

Score

1^/10

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3808 wrote to memory of 3660	3808	cmd.exe	85
PID 3808 wrote to memory of 3660	3808	cmd.exe	85

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\BatchOS.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3808
- C:\Windows\system32\fsutil.exe
  fsutil file createnew BatchOSDir/bootsector.bin 512
  2⤵
  PID:3660

C:\Users\Admin\AppData\Local\Temp\BatchOSDir\batchosbuilder.bat

Filesize
226B

MD5
17d4c604bdc818337886fd667f50a88e

SHA1
f321b4be3bc32b6f9b594a19ce67795be03d033f

SHA256
99206a91ec442d2ff768f54d8ce0adf50a16215c59d208557b443577b97f536c

SHA512
331246cab022c969c33be43fa42a10da7f4e743ead68d0a325d6d8e0985c3a21a72a723f896e36e3f32dce77b462375481cf0175a9e8bbbc638d840165b0f17a

Download Submit
C:\Users\Admin\AppData\Local\Temp\BatchOSDir\batchosbuilder.bat

Filesize
232B

MD5
fe75839176eccc8a98e19d4b2f0642eb

SHA1
c2a10ab668186c51f7b6b7230caa7e7d86536873

SHA256
19bdc704acd4868f9b7e334aa9d407419f0722317297cd7dfbce889448be5af5

SHA512
13f533c41038c688a18bfd4a40c832b47df5e77bfcfb1083992cbccab04e546707114cdc4982c4d75cafa0c4da5aab0e1ee6aff22cfa3285ef53e063b23bab81

Download Submit