f28a51b11bd5a184a2415a5243ee65b31a19109e61acc50a14c174a613fe4938

Analysis

max time kernel
37s
max time network
19s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-03-2024 22:41

Target

Malware-master/Disablenet.bat
Size

420B
MD5

824a7bdbc0f32e6be84498f484e9346b
SHA1

0f59f00ec29e1d5d7e9b77cc40ce2afb241bd1ef
SHA256

12bf9300c346dc1d384594ce8cd9299fde0fd05ce8f20eda5ca202cbc66381ee
SHA512

d93deee70274b3b07ba3969bd5fd9748fb1a69c480c8283b1add17517aca46edd4193484564b946caf5fb5a6c03ea84f28b057af1fc7d3e825a54e69dd2b7cc8

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 3040	2292	cmd.exe	29
PID 2292 wrote to memory of 3040	2292	cmd.exe	29
PID 2292 wrote to memory of 3040	2292	cmd.exe	29
PID 2292 wrote to memory of 2544	2292	cmd.exe	30
PID 2292 wrote to memory of 2544	2292	cmd.exe	30
PID 2292 wrote to memory of 2544	2292	cmd.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Malware-master\Disablenet.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\system32\reg.exe
  reg add hkey_local_machinesoftwaremicrosoftwindowscurrentv ersionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
  2⤵
  PID:3040
- C:\Windows\system32\reg.exe
  reg add hkey_current_usersoftwaremicrosoftwindowscurrentve rsionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
  2⤵
  PID:2544