fb8f0ad44b477f5baf24fa26a61296f61f5e6e3cc1141ec82978be3afdf02faa

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 09:33

Target

Valorant Optimization Pack - OGTech/4. Clean-Ups/Delete Windows Update Cache.cmd
Size

157B
MD5

a7865b90ffa1e415387e39ef19d5c015
SHA1

bcb214aae21bd93c39dd18366b6e07c5fe917080
SHA256

d4cdc3c32845baad86e299abef45bf4bb9d87b579c6a5667b3bfa58ebb236bc2
SHA512

4aee679084196fc53e9cbd0207476a3af43dd23e0a8b2802b3064b5463d878af1f4c1ebbd4f98f5a1b723e2185875d455d7f7a4939f7bb292ad3706876d6da12

Score

1^/10

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2680	2420	cmd.exe	29
PID 2420 wrote to memory of 2680	2420	cmd.exe	29
PID 2420 wrote to memory of 2680	2420	cmd.exe	29
PID 2680 wrote to memory of 2160	2680	net.exe	30
PID 2680 wrote to memory of 2160	2680	net.exe	30
PID 2680 wrote to memory of 2160	2680	net.exe	30
PID 2420 wrote to memory of 2312	2420	cmd.exe	31
PID 2420 wrote to memory of 2312	2420	cmd.exe	31
PID 2420 wrote to memory of 2312	2420	cmd.exe	31
PID 2312 wrote to memory of 2728	2312	net.exe	32
PID 2312 wrote to memory of 2728	2312	net.exe	32
PID 2312 wrote to memory of 2728	2312	net.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Valorant Optimization Pack - OGTech\4. Clean-Ups\Delete Windows Update Cache.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\system32\net.exe
  net stop wuauserv
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop wuauserv
    3⤵
    PID:2160
- C:\Windows\system32\net.exe
  net stop UsoSvc
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop UsoSvc
    3⤵
    PID:2728