3d16c0b2b646b27b4c97e8faf25cc0fb6163be6c8a06052e35c871ecdc1a2e0b | Triage

Resubmissions

22/02/2024, 23:12

240222-2695bsgf99 3

22/02/2024, 23:07

240222-233wvagf86 8

22/02/2024, 23:03

240222-21plfagb6x 8

Analysis

max time kernel
30s
max time network
141s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
22/02/2024, 23:07

Sharing

Report Analysis Logs

General

Target

launch.bat
Size

55B
MD5

eba1cce2735dee5889cd301bd8d6920c
SHA1

8603ce6f40ca1e7c96e2d0f73bea0c7f2ce060d1
SHA256

1a657bd8ee49122a706ee9e7f59d53e8c052213d94febb48134b8e64789f5b92
SHA512

3c40369fe4755196579a1ac2783e6069d0a49bd159641973e3576b295351495ae7de87085915517e7e9da6f8a601d2658affe63dddaeef8e3869f5a44ce9521b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3852 wrote to memory of 3608	3852	cmd.exe	79
PID 3852 wrote to memory of 3608	3852	cmd.exe	79
PID 3852 wrote to memory of 3608	3852	cmd.exe	79

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\launch.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3852
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python olympia.py
  2⤵
  PID:3608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
490B

MD5
321fe1f8d577cd8f8d1a12a001af4cca

SHA1
4b2a57f1f2f73355a5a6b2a70a7d75051c68d171

SHA256
8817554c54e35ecb99f4b7919507ac6db6d0a4bfa4d4dc1a15b6b7acd3ba2d57

SHA512
b4445dc9df9c6c36e8f2e2647bf2acd3a1d318b7450528da8e9d5923eecee9567c547b5b036e2d2eba24012d14ff4baca0979d08eae1a007ab47784199df0db3

Download Submit