987541fcb8f55dc8a923fa9b8713ba240837fc13542975fd4d604d9238c56ac2 | Triage

Analysis

max time kernel
90s
max time network
199s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
05/05/2024, 01:42

Sharing

Report Analysis Logs

General

Target

PC Cleaner.bat
Size

623B
MD5

3de87f574f44a06bdb09ca485e421aa7
SHA1

45f38ee8b1ee882b1fdcf72164016a10e7aa1b9a
SHA256

987541fcb8f55dc8a923fa9b8713ba240837fc13542975fd4d604d9238c56ac2
SHA512

135251f74301864bf22f4315a6d385c9a98425b476973e82e30e51dbc13c2e189c53ec9cf87707eec15d21a7d95c8d81627784d32e2ede705edb2000953eb421

Score

1^/10

Malware Config

Signatures

Runs net.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 460	2472	cmd.exe	80
PID 2472 wrote to memory of 460	2472	cmd.exe	80
PID 460 wrote to memory of 2960	460	net.exe	81
PID 460 wrote to memory of 2960	460	net.exe	81

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\PC Cleaner.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Windows\system32\net.exe
  net session
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:460
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 session
    3⤵
    PID:2960

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads