26cca1ec09795f47b983d21c69312fefed6cdc8806fbdbbf920b1beee1d442a6 | Triage

Analysis

max time kernel
146s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
28/02/2024, 12:16

Sharing

Report Analysis Logs

General

Target

Xvirus-Tools-main/start.bat
Size

22B
MD5

439fcacf5dbd7675b272bf20a28ebd26
SHA1

567c60f881fe536d43f69973914cfa55ba3577a4
SHA256

93f20b2d08664ce038d6c18475c6a82f6304da012aa910ffc82aca3657fd0a76
SHA512

b4650e771dda5e29340867f73d5f5478e28ac3d17f00ea8d99f71e6d519faedf00e00aeba0cab889984a581adcde65a20c9bcb7e6ee818f0471de0dd6bbc1262

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 2616	864	cmd.exe	83
PID 864 wrote to memory of 2616	864	cmd.exe	83
PID 864 wrote to memory of 2616	864	cmd.exe	83

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-main\start.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:864
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python Xvirus.py
  2⤵
  PID:2616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads