3c5e0085adfb6d60d77aa3b3f4a8cf2e3beb1139de69d1f921c6e1017da16a9f

Resubmissions

02-04-2024 18:02

02-04-2024 17:49

max time kernel
1163s
max time network
1166s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-04-2024 18:02

Target

JIGUtility_V2.0.8.0_20230112/ASUSR_ParsingRecord/ASUSR_ParsingRecord/ASUSFLS.cmd
Size

567B
MD5

490c7401bc7a4acdbc9bf3cf524a1ba0
SHA1

3606d3d7864223e7a8a1db2b7e192594f59353b2
SHA256

51d734361b2474d9077bcf863415b9d44365f18b6ad27c5f219ea12e99c197ce
SHA512

c6ded98733b9f6a04de1cd800b9ec478aa8da24d856b90217bc7aefcea12dfa541e41aac7d2dac018ebc8a618c3e2f35fa94b862686f93d3b8cee5d14c328989

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	Process	procid_target
PID 4728 wrote to memory of 4816	4728	cmd.exe	88
PID 4728 wrote to memory of 4816	4728	cmd.exe	88
PID 4728 wrote to memory of 4816	4728	cmd.exe	88

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\ASUSFLS.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\ASUSR_ParsingRecord.exe
  .\ASUSR_ParsingRecord.exe /flash /SERIAL_NO /ISN_NO /JB_TEST_TYPE /JB_TEST_START_TIME /JB_HW_VERSION /JB_FW_VERSION /JB_BIOS_UPDATE_TIME /JB_UTILITY_AP_VERSION /JB_BIOS_UPDATE_VERSION /JB_BIOS_UPDATE_RESULT /filename -a
  2⤵
  PID:4816