9231dd1fc685c7c04d943a9078b346a2e53bbf30c3903776cd6ad1544fe6f27e

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-02-2024 08:54

Target

9231dd1fc685c7c04d943a9078b346a2e53bbf30c3903776cd6ad1544fe6f27e.bat
Size

5.7MB
MD5

d827d916e23e9a75a9bdfab942270bda
SHA1

e62fc5b580e1d17a9444a457dbba24a57c9ad41d
SHA256

9231dd1fc685c7c04d943a9078b346a2e53bbf30c3903776cd6ad1544fe6f27e
SHA512

efdf12d98ec5150a7112e299da0783dcc4080c3132ee1d96589d646f5100290f5a56088e82f975a6de5b1416c32be1d83706b4d43717f6b3e00d90fde4590b81
SSDEEP

98304:39MQozqaAK1ySd0PvSHWnkLTd1otUppjWlWFonp3Bak:39MQozqaAK1ySd0PvSHWnkLTd1otUppa

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2532	2188	cmd.exe	31
PID 2188 wrote to memory of 2532	2188	cmd.exe	31
PID 2188 wrote to memory of 2532	2188	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\9231dd1fc685c7c04d943a9078b346a2e53bbf30c3903776cd6ad1544fe6f27e.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\system32\certutil.exe
  certutil -decode x
  2⤵
  PID:2532

C:\Users\Admin\AppData\Local\Temp\x

Filesize
3KB

MD5
dc89c5b876f0a9a2c59ed34d83381d04

SHA1
0f51eaba3f71ba4bc258a0e290abce67dd39e866

SHA256
7f77df937febf8bda94b755d69e107ff732c02aae1f051efdc4401e11230bda8

SHA512
157ff759e000ce09e30ff5d5102c2110a96191389eba47c4608685ab90570c12aa8e8829c804bd0377c32ab0c5e1857ce87af2321d9e651df0622fb5a8ed5f6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\x

Filesize
4KB

MD5
c058a1e2e3601e75388a110fe3a6b61c

SHA1
11ace7803f980a195fd0ea4150b26fc68b72795f

SHA256
36abf58f4a6d4240c6d0b5edd3e4820cb63243c5c5a2f6161591388cb0464275

SHA512
5c59389a9415a4b9a370f199fe5a38bfca0894357708b9ca9d9727c0022d519ffb7f40126b52ec2694f4fddaf379ea4c75094e5463c8fc57c953a2ed4557ed01

Download Submit