99f5045fffbffb745d67fe3a065a953c4a3d9c253b868892d9b685b0ee7d07b8 | Triage

Analysis

max time kernel
90s
max time network
203s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
16/05/2024, 07:26

Sharing

Report Analysis Logs

General

Target

nssm-2.24-101-g897c7ad/src/version.cmd
Size

1KB
MD5

3e67b67b2ecb2d3042dfaa7d216883b1
SHA1

1e857c1fac7a99a8d280e219e9a8f1bd4d315a5d
SHA256

15b426e1c03c0976c9b133f82553da5c7e9cf3320dbb3b5cf269854afc80b548
SHA512

6482ee84a35462f38468cf3d4e31841524d4ad4b1bae9ac24df6f24c74676a8fe8c3999461698ec4e29bcfc57c9e1348795454edc9d95380c020dfdd5ba71407

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 2232	5092	cmd.exe	80
PID 5092 wrote to memory of 2232	5092	cmd.exe	80
PID 5092 wrote to memory of 3756	5092	cmd.exe	81
PID 5092 wrote to memory of 3756	5092	cmd.exe	81

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\nssm-2.24-101-g897c7ad\src\version.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c git describe --tags --long
  2⤵
  PID:2232
- C:\Windows\system32\fc.exe
  fc version.h version.h.new
  2⤵
  PID:3756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads