199f4c8f9cf18271f8792d8f4a2ab5589a41dcaa2d610f0d5a9fc00181ba6289 | Triage

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
27-03-2024 21:42

Sharing

Report Analysis Logs

General

Target

obfuscated_uni.bat
Size

22KB
MD5

1d28f5d1b56750a7e9426e86982a8bcc
SHA1

8ded9c1bb2a40ae9fc0ac433cfb78ddb445a9283
SHA256

199f4c8f9cf18271f8792d8f4a2ab5589a41dcaa2d610f0d5a9fc00181ba6289
SHA512

9c59465d4523322af818a014810a90c23054f41a44ae500509aecb1eb5aad9a025deb422b61cb00e0f96ce46b0a460ff5b4e5e7cf3c2652af7e2677b304693e2
SSDEEP

384:Atv2G/vh4lFi6GMp6KrTcIuFpJEiZFRhM114e7JDwX8RBwMjzlz9:mewqrdtAxeqX8R1jzlz9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 2864	1464	cmd.exe	81
PID 1464 wrote to memory of 2864	1464	cmd.exe	81

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\obfuscated_uni.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" exit /b)):: SET WEBHOOK "
  2⤵
  PID:2864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads