842774fad0e00fd214ce0d72f9003dcb75ee7dee637d0a7fa77cb36bf9f191bc | Triage

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 03:57

Sharing

Report Analysis Logs

General

Target

imex.bat
Size

91B
MD5

ba47c1e6fba35998c875caebad2a11b9
SHA1

6c64f06c5f22a2ae9ef6d71bc4a755ac6cb8b0a3
SHA256

5eae4f657167314616cf3109d6b4a26de667dc9455b55f640677e1d84535c8d3
SHA512

7038353d527d44688f679fd916fc7879610047f1b030fc065f51d44221079cbbd7986f1853cdb53e277f93bbe24b4a4fa452f85e875c3ede8fa37fb400a3421f

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral10/memory/3628-0-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral10/memory/3628-1-0x0000000000400000-0x0000000000423000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 3628	2412	cmd.exe	87
PID 2412 wrote to memory of 3628	2412	cmd.exe	87
PID 2412 wrote to memory of 3628	2412	cmd.exe	87

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\imex.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Users\Admin\AppData\Local\Temp\vpncore.exe
  C:\Users\Admin\AppData\Local\Temp\vpncore.exe
  2⤵
  PID:3628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3628-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3628-1-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download