ad272132970772ec9c1cf693f5aaee542a68c0f849d1b2eaaeebd0abf78e567a | Triage

Analysis

max time kernel
141s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 06:57

Sharing

Report Analysis Logs

General

Target

RestoreSettings.bat
Size

156B
MD5

bc2e2382a966605bc3846989a276dc4f
SHA1

dd1920f15232e5ed9103161f8825519431182766
SHA256

9ae680671546aeb5a73163e6fdfce628d201a1e224f3cec18a1252509ad6eae4
SHA512

e96179071a6494dc8c991692fbd7dc91c6519c88ba9b2649bc9748ec4a0a624584bd5fede331a4a18340b2db6668b2f51ccb36aff3b4808007ce6ea6457abb73

Score

1^/10

Malware Config

Signatures

Runs .reg file with regedit 1 IoCs

pid	Process
2992	regedit.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 572 wrote to memory of 2992	572	cmd.exe	94
PID 572 wrote to memory of 2992	572	cmd.exe	94

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\RestoreSettings.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:572
- C:\Windows\regedit.exe
  regedit WinOrgSettings.reg
  2⤵
  - Runs .reg file with regedit
  PID:2992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3808 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
1⤵
PID:924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads