1aba0fbc3019c71cc0cc31caae64fb625cef3bb64ac3aaffb65ce8a3cbac5b3f | Triage

Resubmissions

14/05/2024, 23:21

240514-3b14lsde21 1

Analysis

max time kernel
48s
max time network
17s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 23:21

Sharing

Report Analysis Logs

General

Target

bankai.bat
Size

39B
MD5

c529740a04e94c723b2e65838f14c0fc
SHA1

534e30c20a43be56f88041c96a6ee69eeecc5cd0
SHA256

1aba0fbc3019c71cc0cc31caae64fb625cef3bb64ac3aaffb65ce8a3cbac5b3f
SHA512

7736380f806c1ed136dcf3928ac16d57e7b3c84ee775e02a0c78dbf08a864bdca4567b75d0d5b7c2aa68ec4f20110acaba282496ec01cf50687fbf1e51a9de2f

Score

1^/10

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2588	notepad.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 2588	1772	cmd.exe	29
PID 1772 wrote to memory of 2588	1772	cmd.exe	29
PID 1772 wrote to memory of 2588	1772	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\bankai.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Windows\system32\notepad.exe
  notepad.exe
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:2588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads