37cfc128f60c2c2ede7ffb2db6b9873480e53ecac6184334a2308df477b65be6 | Triage

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2024 10:38

Sharing

Report Analysis Logs

General

Target

xSpoofer-ReleaseNew2.0/tools/Fix - Windows 11/3.FixBios.bat
Size

442B
MD5

0bf665e58712ce11dd65007f89fcb0f0
SHA1

a1f49dc613257d434cb54ad13abec51b3f9fb35d
SHA256

1ac5ba24ca20bea659b8fa7bfb7c75a2b8c86d46ba9e84c131ddab86f6999f4e
SHA512

152de4404688ce82a245dd7df79226eb4b2f3aef9d4acb50559169f1fcf07ce39e02493f8e6ad285c2a80a5b124745650c5f2286be254b81cfdd164f6b2e07f6

Score

1^/10

Malware Config

Signatures

Runs net.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

cmd.exenet.exe

description	pid	process	target process
PID 1684 wrote to memory of 3300	1684	cmd.exe	net.exe
PID 1684 wrote to memory of 3300	1684	cmd.exe	net.exe
PID 3300 wrote to memory of 1732	3300	net.exe	net1.exe
PID 3300 wrote to memory of 1732	3300	net.exe	net1.exe
PID 1684 wrote to memory of 5036	1684	cmd.exe	reg.exe
PID 1684 wrote to memory of 5036	1684	cmd.exe	reg.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\xSpoofer-ReleaseNew2.0\tools\Fix - Windows 11\3.FixBios.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1684

C:\Windows\system32\net.exe
NET SESSION
2⤵
- Suspicious use of WriteProcessMemory
PID:3300

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 SESSION
3⤵
PID:1732

C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3
2⤵
PID:5036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...