c529cd95c0c85ca18df3e690f840e51d0be33b5b92f8bf1e9f91821eaedac68c | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
05/04/2024, 20:22

Sharing

Report Analysis Logs

General

Target

run.bat
Size

70B
MD5

922d706a6ff52cd5f8ff57287aec9907
SHA1

c2093b630f1180bc8b48c71957655182f6a56053
SHA256

12ecd3179026dc979012895d1ba547cdd48b6940d34eb5cca266ef943c990efd
SHA512

eca850162e741141a2a7e62a028cfb3c9ec45baecbdf9a0560fbc82a3aed2ef9fccd108aa8b167002fd1727e0170cdfc29a3d5d4bb574690cdeefa6b2b3e6fb3

Score

1^/10

Malware Config

Signatures

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
312	file.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 312	1304	cmd.exe	29
PID 1304 wrote to memory of 312	1304	cmd.exe	29
PID 1304 wrote to memory of 312	1304	cmd.exe	29
PID 1304 wrote to memory of 312	1304	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\run.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Users\Admin\AppData\Local\Temp\file.exe
  "file.exe"
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads