9231dd1fc685c7c04d943a9078b346a2e53bbf30c3903776cd6ad1544fe6f27e

Analysis

max time kernel
93s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 08:54

Target

9231dd1fc685c7c04d943a9078b346a2e53bbf30c3903776cd6ad1544fe6f27e.bat
Size

5.7MB
MD5

d827d916e23e9a75a9bdfab942270bda
SHA1

e62fc5b580e1d17a9444a457dbba24a57c9ad41d
SHA256

9231dd1fc685c7c04d943a9078b346a2e53bbf30c3903776cd6ad1544fe6f27e
SHA512

efdf12d98ec5150a7112e299da0783dcc4080c3132ee1d96589d646f5100290f5a56088e82f975a6de5b1416c32be1d83706b4d43717f6b3e00d90fde4590b81
SSDEEP

98304:39MQozqaAK1ySd0PvSHWnkLTd1otUppjWlWFonp3Bak:39MQozqaAK1ySd0PvSHWnkLTd1otUppa

Score

1^/10

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 1184	1124	cmd.exe	98
PID 1124 wrote to memory of 1184	1124	cmd.exe	98

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\9231dd1fc685c7c04d943a9078b346a2e53bbf30c3903776cd6ad1544fe6f27e.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Windows\system32\certutil.exe
  certutil -decode x
  2⤵
  PID:1184

C:\Users\Admin\AppData\Local\Temp\x

Filesize
4KB

MD5
c058a1e2e3601e75388a110fe3a6b61c

SHA1
11ace7803f980a195fd0ea4150b26fc68b72795f

SHA256
36abf58f4a6d4240c6d0b5edd3e4820cb63243c5c5a2f6161591388cb0464275

SHA512
5c59389a9415a4b9a370f199fe5a38bfca0894357708b9ca9d9727c0022d519ffb7f40126b52ec2694f4fddaf379ea4c75094e5463c8fc57c953a2ed4557ed01

Download Submit