a9e270217d12867c2609d9423d1b2ed83fcf7cd08aeeee3ab09a4afdf9e9418e | Triage

Analysis

max time kernel
443s
max time network
448s
platform
windows10-2004_x64
resource
win10v2004-20240220-en
resource tags

arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 02:27

Sharing

Report Analysis Logs

General

Target

Reset KeyMapper.bat
Size

23B
MD5

723a54699e0bcfb1b7eebae7d89a78e2
SHA1

3f99e284503365f3c177a58570beaa99595bc930
SHA256

f494aa928a1d2e8846d1e911a51e90fd49149f612ba001cb5c5a144d5ec271ca
SHA512

48de7717b32d078d58830629c7e2d7e200e31e767ab9136d5e05bb8085c17589a1b1c763f2288f84d6f9ded44234e2b7b2a33ea8865208a8ddeb30e5a7a0caa5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 3888	1488	cmd.exe	84
PID 1488 wrote to memory of 3888	1488	cmd.exe	84
PID 1488 wrote to memory of 3888	1488	cmd.exe	84

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Reset KeyMapper.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Users\Admin\AppData\Local\Temp\DOSBox.exe
  DOSBox.exe -resetmapper
  2⤵
  PID:3888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3888-0-0x0000000000400000-0x000000000246D000-memory.dmp

Filesize
32.4MB

Download
memory/3888-2-0x0000000068100000-0x0000000068161000-memory.dmp

Filesize
388KB

Download
memory/3888-1-0x0000000067C00000-0x0000000067C0A000-memory.dmp

Filesize
40KB

Download