a714eaa1b9a83f2ad453af2c13a97ce52e7f38613cc8cc260fdc59100a977980 | Triage

Analysis

max time kernel
21s
max time network
18s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/02/2024, 20:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

REDEEMER V3.2 (UWP) - Copy/opener.bat
Size

564B
MD5

30b309adbbbf7b08be7e526951c48af3
SHA1

3f57142288d1bda91b7d74bf8596928e54e3143b
SHA256

9dfd0f31ffd5eb22ebb3b3ae1cb12f3bd53c9b0ef5eda3ce12c38c1d2fe9c22a
SHA512

9051274ef18678aa26b18d1c4484390aa612543a9bb4dd9e5dda27a96fb7a10ff9948f3ec10c66d2dfe9cac6536e8c0b126c14c60c1a8866f5c0f516eeeeacba

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2900	2896	cmd.exe	29
PID 2896 wrote to memory of 2900	2896	cmd.exe	29
PID 2896 wrote to memory of 2900	2896	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\REDEEMER V3.2 (UWP) - Copy\opener.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\system32\where.exe
  where python
  2⤵
  PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads