0265882deac703b280b72f543e2c92d9164e7bde805de25ed1e8c313e16a1885

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 17:04

Target

batch.bat
Size

68B
MD5

616c2f2f2e9c2560d6fbcfcd421af80e
SHA1

534f0d1fa7282b0ae90f3a13faf8f2718a3655e4
SHA256

0265882deac703b280b72f543e2c92d9164e7bde805de25ed1e8c313e16a1885
SHA512

bca018320944b3f81802a1c751db6d7e623f769880b55187d2aee4b8d30f897857c5f95c9ba68c48023f7736a76f7ef4334c46f7ec22032d26fc333f369e3659

Score

1^/10

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2748	2172	cmd.exe	29
PID 2172 wrote to memory of 2748	2172	cmd.exe	29
PID 2172 wrote to memory of 2748	2172	cmd.exe	29
PID 2172 wrote to memory of 2620	2172	cmd.exe	31
PID 2172 wrote to memory of 2620	2172	cmd.exe	31
PID 2172 wrote to memory of 2620	2172	cmd.exe	31
PID 2172 wrote to memory of 2656	2172	cmd.exe	32
PID 2172 wrote to memory of 2656	2172	cmd.exe	32
PID 2172 wrote to memory of 2656	2172	cmd.exe	32
PID 2172 wrote to memory of 2876	2172	cmd.exe	35
PID 2172 wrote to memory of 2876	2172	cmd.exe	35
PID 2172 wrote to memory of 2876	2172	cmd.exe	35
PID 2172 wrote to memory of 2448	2172	cmd.exe	36
PID 2172 wrote to memory of 2448	2172	cmd.exe	36
PID 2172 wrote to memory of 2448	2172	cmd.exe	36
PID 2172 wrote to memory of 1912	2172	cmd.exe	40
PID 2172 wrote to memory of 1912	2172	cmd.exe	40
PID 2172 wrote to memory of 1912	2172	cmd.exe	40
PID 2172 wrote to memory of 1976	2172	cmd.exe	41
PID 2172 wrote to memory of 1976	2172	cmd.exe	41
PID 2172 wrote to memory of 1976	2172	cmd.exe	41
PID 2172 wrote to memory of 1632	2172	cmd.exe	43
PID 2172 wrote to memory of 1632	2172	cmd.exe	43
PID 2172 wrote to memory of 1632	2172	cmd.exe	43
PID 2172 wrote to memory of 2720	2172	cmd.exe	44
PID 2172 wrote to memory of 2720	2172	cmd.exe	44
PID 2172 wrote to memory of 2720	2172	cmd.exe	44

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\batch.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2748
- C:\Windows\explorer.exe
  explorer
  2⤵
  PID:2620
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2656
- C:\Windows\explorer.exe
  explorer
  2⤵
  PID:2876
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2448
- C:\Windows\explorer.exe
  explorer
  2⤵
  PID:1912
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1976
- C:\Windows\explorer.exe
  explorer
  2⤵
  PID:1632
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2720

memory/2172-10-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/2172-49-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download