0db9ac02645846b5033b403a818544371046214bfedef7e70d44f5f825713c00 | Triage

Analysis

max time kernel
93s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 08:59

Sharing

Report Analysis Logs

General

Target

stop_service.bat
Size

33B
MD5

bfe37ab6a3dd8334125a7ae3d43e6355
SHA1

0f4982290f5d96fee2c9355592a8f2ebfd8199cb
SHA256

cfe581c1702895dd3fe12f5109ff6115c8fc7b761145f990d6a585892041d7c7
SHA512

e56e6aee6b476f002f06cae2407c9b320e30197e102dde866e08e01b77a79979bbd44d5b8498f95570a58ee36c4574256af6f391a830199ff85cc1319818d835

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 5064 wrote to memory of 4108	5064	cmd.exe	84
PID 5064 wrote to memory of 4108	5064	cmd.exe	84

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\stop_service.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:5064
- C:\Users\Admin\AppData\Local\Temp\WeaselServer.exe
  weaselserver.exe /q
  2⤵
  PID:4108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads