f28a51b11bd5a184a2415a5243ee65b31a19109e61acc50a14c174a613fe4938

Analysis

max time kernel
92s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 22:41

Target

Malware-master/Disablenet.bat
Size

420B
MD5

824a7bdbc0f32e6be84498f484e9346b
SHA1

0f59f00ec29e1d5d7e9b77cc40ce2afb241bd1ef
SHA256

12bf9300c346dc1d384594ce8cd9299fde0fd05ce8f20eda5ca202cbc66381ee
SHA512

d93deee70274b3b07ba3969bd5fd9748fb1a69c480c8283b1add17517aca46edd4193484564b946caf5fb5a6c03ea84f28b057af1fc7d3e825a54e69dd2b7cc8

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3844 wrote to memory of 4032	3844	cmd.exe	85
PID 3844 wrote to memory of 4032	3844	cmd.exe	85
PID 3844 wrote to memory of 1936	3844	cmd.exe	86
PID 3844 wrote to memory of 1936	3844	cmd.exe	86

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Malware-master\Disablenet.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3844
- C:\Windows\system32\reg.exe
  reg add hkey_local_machinesoftwaremicrosoftwindowscurrentv ersionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
  2⤵
  PID:4032
- C:\Windows\system32\reg.exe
  reg add hkey_current_usersoftwaremicrosoftwindowscurrentve rsionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
  2⤵
  PID:1936