cb3fc239e7d29e7e2425e7fcdbfa1097d15cc3e1100a4d32cf7b20a9d2cdd5f7

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-04-2024 07:58

Target

wufuc/install_wufuc.bat
Size

6KB
MD5

e858df69705b2181e876cf2c10f21c60
SHA1

4afde93213d0bca2d8d42c6cfdd1d85f81362be0
SHA256

dcd22a63446d7ed51498c7c6aa0aac7de970ad3c8b655d6868c89022d554f2cf
SHA512

cee57ee3aae8392f63c9f1f7b7202d95c7114faf332c5e4bdfebddd182a40cda084b2bfa742c01a8f63ac7309e50e2e47c04a8df3fabae531630ce1637f01d4a
SSDEEP

96:1HaK1BTMWP/ZYIPjqKHNoYW1JVAkJqCSNBFawwLOIErYZMtUYfavKg:1HaYBgElTtoY+Ak4BBAwwLOIErQ/zvKg

Score

1^/10

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2368 wrote to memory of 2740	2368	cmd.exe	fltMC.exe
PID 2368 wrote to memory of 2740	2368	cmd.exe	fltMC.exe
PID 2368 wrote to memory of 2740	2368	cmd.exe	fltMC.exe
PID 2368 wrote to memory of 2656	2368	cmd.exe	cmd.exe
PID 2368 wrote to memory of 2656	2368	cmd.exe	cmd.exe
PID 2368 wrote to memory of 2656	2368	cmd.exe	cmd.exe
PID 2368 wrote to memory of 2760	2368	cmd.exe	findstr.exe
PID 2368 wrote to memory of 2760	2368	cmd.exe	findstr.exe
PID 2368 wrote to memory of 2760	2368	cmd.exe	findstr.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\wufuc\install_wufuc.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" ver "
2⤵
PID:2656