1cdf0dcd13a46906d73588a4f2ef20637d25706ce90b53a7b6f1701c28cb3596

Resubmissions

26-03-2024 14:35

26-03-2024 14:27

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 14:27

Target

*.*/˫ǩ.bat
Size

100B
MD5

b2c8d1f31c73f52c275393f231e3843e
SHA1

debbc8e818ab2acc8f12b08930315c894e7efde8
SHA256

77badaf1d085e90578b76cd1fafb252e13d4074f643b7d43cbee38580d7dee24
SHA512

0268085427d632fe4fec8e7702da5b7715a2ecc13f9ddda86f02f965c3745872e53325d12cb48ab7797bebce4b76203e3edc2631c6dacf3417a91a6c00841de6

Score

1^/10

Suspicious behavior: CmdExeWriteProcessMemorySpam 2 IoCs

pid	Process
2732	signtool.exe
2996	signtool.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2732	2296	cmd.exe	29
PID 2296 wrote to memory of 2732	2296	cmd.exe	29
PID 2296 wrote to memory of 2732	2296	cmd.exe	29
PID 2296 wrote to memory of 2732	2296	cmd.exe	29
PID 2296 wrote to memory of 2996	2296	cmd.exe	30
PID 2296 wrote to memory of 2996	2296	cmd.exe	30
PID 2296 wrote to memory of 2996	2296	cmd.exe	30
PID 2296 wrote to memory of 2996	2296	cmd.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\_._\˫ǩ.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Users\Admin\AppData\Local\Temp\_._\signtool.exe
  signtool.exe sign /f wh.pfx /p 198759 Mochen.exe
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:2732
- C:\Users\Admin\AppData\Local\Temp\_._\signtool.exe
  signtool.exe sign /f wh.pfx /p 198759 Update.exe
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:2996

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar67B0.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1658372521-4246568289-2509113762-1000\48df8e8a98b419763e6fe0e9bddab06a_f4bfc772-1e14-4cb7-967a-2360098b659f

Filesize
2KB

MD5
24a4333d6ffa14b2353baf045a1b80af

SHA1
3cc0e9e60b819ea998c8c341252363937e05c14f

SHA256
2d34debee80e6a71b4db9c63ae26ac48ecb718d61b5e03b541607cf556450220

SHA512
725f1242aa42e7b0d1456e66fedb11a126482940c652fb5550ff035f069df2bb936665bc061be82867f9a4534e033befff4df5c65f5573710ce15c6e28406547

Download Submit