a182db438c03d54df11bf4fae1ab523bb05e5d07019e09720d6459d888e7e5c8

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 09:16

Target

rime-install-config.bat
Size

593B
MD5

3769e71ce1a6be0bca2552e677b27162
SHA1

baa39ef6435035a5c59ead6951a98897da955de9
SHA256

890e4f079d84e2737f4b0e4a268fdd21569d54b4779a37cb92ed364f64b394e8
SHA512

5dac17c25e9fc35b87af951d12546cf86f74c918a92ae5b69e83094bc08be53190df824b007645197800798a0bf45d02a44198312e78146c483db418bcc6d269

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 3492	3144	cmd.exe	86
PID 3144 wrote to memory of 3492	3144	cmd.exe	86
PID 3492 wrote to memory of 3496	3492	cmd.exe	87
PID 3492 wrote to memory of 3496	3492	cmd.exe	87

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\rime-install-config.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c reg query "HKEY_CURRENT_USER\SOFTWARE\Rime\Weasel" /v "RimeUserDir"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3492
- - C:\Windows\system32\reg.exe
    reg query "HKEY_CURRENT_USER\SOFTWARE\Rime\Weasel" /v "RimeUserDir"
    3⤵
    PID:3496