2c376c69255d3445a86e8e1966c75e69a95ba95ab2fe15cca3f0c0ae1d18a797 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 10:10

Sharing

Report Analysis Logs

General

Target

AutoHotkey
Size

339B
MD5

2312ab36e3363bfa8f217c14354aba68
SHA1

736c5cb239a94007863c03c68705b890fd051302
SHA256

c53105c99521502a13e4dd32fa591a52b4b35026c68de86aa34f68532ff94769
SHA512

dcd58e38538b9aee53fa4d9b51e563e4e42bf9c7763d2094261b3de11dd21617bcb4bb8c39f86da9409c84b2b0e52a17a56a4aa1c832a0df47201576fd91860b

Score

1^/10

Malware Config

Signatures

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
2904	AutoHotkey.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2904	2700	cmd.exe	29
PID 2700 wrote to memory of 2904	2700	cmd.exe	29
PID 2700 wrote to memory of 2904	2700	cmd.exe	29
PID 2700 wrote to memory of 2904	2700	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\AutoHotkey
1⤵
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Users\Admin\AppData\Local\Temp\AutoHotkey.exe
  C:\Users\Admin\AppData\Local\Temp\AutoHotkey
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads