fb8f0ad44b477f5baf24fa26a61296f61f5e6e3cc1141ec82978be3afdf02faa

Analysis

max time kernel
92s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 09:33

Target

Valorant Optimization Pack - OGTech/4. Clean-Ups/Delete Windows Update Cache.cmd
Size

157B
MD5

a7865b90ffa1e415387e39ef19d5c015
SHA1

bcb214aae21bd93c39dd18366b6e07c5fe917080
SHA256

d4cdc3c32845baad86e299abef45bf4bb9d87b579c6a5667b3bfa58ebb236bc2
SHA512

4aee679084196fc53e9cbd0207476a3af43dd23e0a8b2802b3064b5463d878af1f4c1ebbd4f98f5a1b723e2185875d455d7f7a4939f7bb292ad3706876d6da12

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 432 wrote to memory of 4824	432	cmd.exe	85
PID 432 wrote to memory of 4824	432	cmd.exe	85
PID 4824 wrote to memory of 2212	4824	net.exe	86
PID 4824 wrote to memory of 2212	4824	net.exe	86
PID 432 wrote to memory of 2980	432	cmd.exe	87
PID 432 wrote to memory of 2980	432	cmd.exe	87
PID 2980 wrote to memory of 3876	2980	net.exe	88
PID 2980 wrote to memory of 3876	2980	net.exe	88

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Valorant Optimization Pack - OGTech\4. Clean-Ups\Delete Windows Update Cache.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:432
- C:\Windows\system32\net.exe
  net stop wuauserv
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4824
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop wuauserv
    3⤵
    PID:2212
- C:\Windows\system32\net.exe
  net stop UsoSvc
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2980
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop UsoSvc
    3⤵
    PID:3876