1aba0fbc3019c71cc0cc31caae64fb625cef3bb64ac3aaffb65ce8a3cbac5b3f | Triage

Resubmissions

14/05/2024, 23:21

240514-3b14lsde21 1

Analysis

max time kernel
35s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 23:21

Sharing

Report Analysis Logs

General

Target

bankai.bat
Size

39B
MD5

c529740a04e94c723b2e65838f14c0fc
SHA1

534e30c20a43be56f88041c96a6ee69eeecc5cd0
SHA256

1aba0fbc3019c71cc0cc31caae64fb625cef3bb64ac3aaffb65ce8a3cbac5b3f
SHA512

7736380f806c1ed136dcf3928ac16d57e7b3c84ee775e02a0c78dbf08a864bdca4567b75d0d5b7c2aa68ec4f20110acaba282496ec01cf50687fbf1e51a9de2f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4020 wrote to memory of 1104	4020	cmd.exe	83
PID 4020 wrote to memory of 1104	4020	cmd.exe	83

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\bankai.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4020
- C:\Windows\system32\notepad.exe
  notepad.exe
  2⤵
  PID:1104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads