9f4189a5317da63ebdd502c9a26f9f4f7661d4354f83c3be36e60a33fa93a067

Analysis

max time kernel
11s
max time network
19s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
21-02-2024 15:27

Target

data/flutter_assets/assets/misc/winnat.bat
Size

33B
MD5

a848640501c560e6134ae17fd2fdc2f0
SHA1

6cdf7b5ce48f4e4bd4730a3128ba5789b4bdb430
SHA256

668c2458ff69ad921d6d67d0a7f2c31c3ab90273a54254f06956187450f665e6
SHA512

c16600e0e1fb14b6dc781424c85be82e740cb2999c5214cf0a2ae70dbd6268c664657815f764cc8a3978591b39f0a71473f9a547bdb51f39ec5b5f8e4d13a3a7

Score

1^/10

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
604	Process not Found

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 4316	944	cmd.exe	75
PID 944 wrote to memory of 4316	944	cmd.exe	75
PID 4316 wrote to memory of 2992	4316	net.exe	76
PID 4316 wrote to memory of 2992	4316	net.exe	76
PID 944 wrote to memory of 1572	944	cmd.exe	77
PID 944 wrote to memory of 1572	944	cmd.exe	77
PID 1572 wrote to memory of 220	1572	net.exe	78
PID 1572 wrote to memory of 220	1572	net.exe	78

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\data\flutter_assets\assets\misc\winnat.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:944
- C:\Windows\system32\net.exe
  net stop winnat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4316
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop winnat
    3⤵
    PID:2992
- C:\Windows\system32\net.exe
  net start winnat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1572
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 start winnat
    3⤵
    PID:220