a2e8843e56a343eb851c92463c123b06c2edc8a7c4704ec51e4ba42405cdb9b4 | Triage

Analysis

max time kernel
140s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 10:06

Sharing

Report Analysis Logs

General

Target

SALIKHACK/SALIKHACK.bat
Size

238B
MD5

21a67af3a0e70534daf91c971545bc80
SHA1

23141575d04651a2cd778a33732805c468033ef0
SHA256

940dd6c2693be78a671cad250f75a5b5324b3350e2b2fc1cfc098293b934fdb3
SHA512

b79f1dd26beee4a6995b0d67f112e4dff152d05822e8482579b6bdbd414b06cfbdeb6f55f4cb41d1821e6e7b98bfa3852e1d163355b3de5cd985373f8a333e66

Score

1^/10

Malware Config

Signatures

Runs net.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

cmd.exenet.exenet.exe

description	pid	process	target process
PID 4984 wrote to memory of 4568	4984	cmd.exe	reg.exe
PID 4984 wrote to memory of 4568	4984	cmd.exe	reg.exe
PID 4984 wrote to memory of 4428	4984	cmd.exe	reg.exe
PID 4984 wrote to memory of 4428	4984	cmd.exe	reg.exe
PID 4984 wrote to memory of 2644	4984	cmd.exe	net.exe
PID 4984 wrote to memory of 2644	4984	cmd.exe	net.exe
PID 2644 wrote to memory of 2520	2644	net.exe	net1.exe
PID 2644 wrote to memory of 2520	2644	net.exe	net1.exe
PID 4984 wrote to memory of 1952	4984	cmd.exe	net.exe
PID 4984 wrote to memory of 1952	4984	cmd.exe	net.exe
PID 1952 wrote to memory of 2496	1952	net.exe	net1.exe
PID 1952 wrote to memory of 2496	1952	net.exe	net1.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\SALIKHACK\SALIKHACK.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4984

C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\DWM" /v Composition /t reg_dword /d 00000001 /f
2⤵
PID:4568

C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\DWM" /v CompositionPolicy /t reg_dword /d 00000002 /f
2⤵
PID:4428

C:\Windows\system32\net.exe
net stop uxsms
2⤵
- Suspicious use of WriteProcessMemory
PID:2644

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop uxsms
3⤵
PID:2520

C:\Windows\system32\net.exe
net start uxsms
2⤵
- Suspicious use of WriteProcessMemory
PID:1952

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 start uxsms
3⤵
PID:2496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...