fed94556d81622a39c4bfbaf39fa11dcab6a9b63fc487e037ccb1771f92ea894 | Triage

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-03-2024 20:58

Sharing

Report Analysis Logs

General

Target

hey/twelfth.bat
Size

1KB
MD5

4e7c3ec7e4db2756209f5190355c3716
SHA1

183a6caaba0208f8bdfe3bf7e25f069ecddf19f5
SHA256

f2178583f6008d7ade32bb218bcd5d846859ce059875b4f603e18be57a59c7a8
SHA512

d3f3ddef38d17b9b2ac209719d6bcc83d13053abc9a97e4055f1b899fbfdba054317a5c94e2a688637b18440adb120065a89a7de5ae6b84ef7b91b8922bdd768

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2124 wrote to memory of 2468	2124	cmd.exe	xcopy.exe
PID 2124 wrote to memory of 2468	2124	cmd.exe	xcopy.exe
PID 2124 wrote to memory of 2468	2124	cmd.exe	xcopy.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\hey\twelfth.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2124

C:\Windows\system32\xcopy.exe
xcopy /s /i /e /h hey\superstring.dll C:\Users\Admin\AppData\Local\Temp\*
2⤵
PID:2468

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...