a8a835a58def67f4a176d105dbbd26e220158f853e2dab0efbd54106bc58b051

Resubmissions

10/05/2024, 23:50

max time kernel
0s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
10/05/2024, 23:50

Reason

Machine shutdown

Target

bsod uwu .3 silly uwu .cmd
Size

101B
MD5

85a79be034c9f35e8d93fceb6c2c19e1
SHA1

8e3599eac61e240dfd8c0637c7374ae87c54928d
SHA256

a8a835a58def67f4a176d105dbbd26e220158f853e2dab0efbd54106bc58b051
SHA512

ec46d5c977279ecc7d2395536e6f496f597b1f4d1278332359bff382ef8c3b69982fec55b4b21cb9ea504b9ed1370597e024149f840c9c584949d6d4158b0d98

Score

1^/10

Kills process with taskkill 1 IoCs

evasion

pid	Process
3548	taskkill.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 892	1768	cmd.exe	79
PID 1768 wrote to memory of 892	1768	cmd.exe	79
PID 892 wrote to memory of 1716	892	net.exe	80
PID 892 wrote to memory of 1716	892	net.exe	80
PID 1768 wrote to memory of 3548	1768	cmd.exe	81
PID 1768 wrote to memory of 3548	1768	cmd.exe	81

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\bsod uwu .3 silly uwu .cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\system32\net.exe
  net session
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:892
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 session
    3⤵
    PID:1716
- C:\Windows\system32\taskkill.exe
  taskkill /f /im svchost.exe
  2⤵
  - Kills process with taskkill
  PID:3548