1a5e1140af17280a8522c6f76d18496aeb65f69a0b45e9acf1ac20722f888fe7 | Triage

Analysis

max time kernel
39s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 17:12

Sharing

Report Analysis Logs

General

Target

Malware.bat
Size

874B
MD5

e9b70ef15f167ddc08b5bcffb737f444
SHA1

d05be72ff22dab19f512821be95ac364bafec865
SHA256

1a5e1140af17280a8522c6f76d18496aeb65f69a0b45e9acf1ac20722f888fe7
SHA512

aed532ca5d61df9b058f428ec945182a1ff2b27a3c3969dee825ca51aee820e69044bb354590e22a8124634a45f46289261e73b1cd11e8702cc20ed2f4671ca5

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\Malware.bat	cmd.exe
File opened for modification	C:\Program Files\Malware.bat	cmd.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3760 wrote to memory of 1008	3760	cmd.exe	101
PID 3760 wrote to memory of 1008	3760	cmd.exe	101
PID 3760 wrote to memory of 1692	3760	cmd.exe	102
PID 3760 wrote to memory of 1692	3760	cmd.exe	102

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Malware.bat"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3760
- C:\Windows\system32\msg.exe
  msg * Your computer has been infected with malware!
  2⤵
  PID:1008
- C:\Windows\system32\msg.exe
  msg * Please contact support for assistance.
  2⤵
  PID:1692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads