Analysis
- max time kernel: 0s
- platform: windows11-21h2_x64
- resource: win11-20240426-en
- resource tags: arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 21/05/2024, 17:04
Static task
- static1

Behavioral tasks (all on resource win11-20240426-en, 1800 seconds each)
- behavioral1: sample exit_handle.py, 12 signatures
- behavioral2: sample install_dependencies.bat, 0 signatures
- behavioral3: sample start.bat, 1 signature
- behavioral4: sample start.py, 26 signatures
General
- Target: start.bat
- Size: 19B
- MD5: 5a96bec575d3b2ce99a06b4bc5e05956
- SHA1: bfbaace7a707572f82787382cc16d55905b8c7c8
- SHA256: 4bb5ace41f53d3614b6f0bb8cd2a7da51722bddf1ce57ebc144d7856df6d4fd8
- SHA512: 11f2335ded21fe0e55682e1020f98754290afef6ed1857ddb2e46025f5868f52e6652d26e8a308d60bd0a6209060447659549225690c625980aaa20127512761
- Score: 1/10
Malware Config
- (none extracted)

Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description                           pid   Process   procid_target
  PID 5024 wrote to memory of 4424      5024  cmd.exe   79
  PID 5024 wrote to memory of 4424      5024  cmd.exe   79
  PID 5024 wrote to memory of 4424      5024  cmd.exe   79

  All three rows are identical: the writer is cmd.exe (PID 5024) and the target is the child it spawned (PID 4424; procid_target is the sandbox's internal index for that process, not an OS PID). A parent writing into a process it has just created is what CreateProcess does to set up the child's process parameters, so on its own this signature is expected for a batch file launching a command and is consistent with the 1/10 score. It would merit attention only if the target were not a direct child of the writer.
Processes
1. C:\Windows\system32\cmd.exe (PID 5024)
   command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\start.bat"
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe (PID 4424, child of 5024)
      command line: python start.py

Note that the `python start.py` command was not served by a Python interpreter. The image that ran is AppInstallerPythonRedirector.exe from the App Installer package, the stub behind the `python` app execution alias that Windows ships when no Python is installed; it redirects to the Microsoft Store instead of running the script. The behaviour of start.py itself therefore does not appear in this task; it was analysed separately as behavioral4 (26 signatures).
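The following triage helper is an added example and is not part of the sandbox report or its tooling. It re-types the report's process list and the three WriteProcessMemory rows as Python data (transcribed from the page, not captured live), collapses duplicate IoC rows so the "3 IoCs" count survives, checks whether each write targets a direct child of the writer (the pattern CreateProcess itself produces), and flags the case where a `python` command was served by the App Installer redirector stub. The function and variable names are this example's own; the extra cross-process row in the test is constructed to show the non-benign branch.

```python
"""Triage helper for sandbox WriteProcessMemory IoCs (added example).

Reads a transcribed process tree and IoC rows, dedupes the rows, and
classifies each write as 'child' (writer is the target's parent, which is
the normal CreateProcess set-up path) or 'cross-process' (anything else,
worth a manual look).
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    parent_pid: Optional[int]
    image: str
    cmdline: str


# Process tree as printed in the report above (transcribed, not captured live).
PROCESSES: List[Proc] = [
    Proc(5024, None, r"C:\Windows\system32\cmd.exe",
         r'C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\start.bat"'),
    Proc(4424, 5024,
         r"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe"
         r"\AppInstallerPythonRedirector.exe",
         "python start.py"),
]

# The three IoC rows from the Signatures table: (writer pid, target pid, writer image name).
WPM_ROWS: List[Tuple[int, int, str]] = [
    (5024, 4424, "cmd.exe"),
    (5024, 4424, "cmd.exe"),
    (5024, 4424, "cmd.exe"),
]


def dedupe(rows: List[Tuple[int, int, str]]) -> Counter:
    """Collapse identical rows, keeping a count so repeated IoCs stay visible."""
    return Counter(rows)


def classify_writes(rows: List[Tuple[int, int, str]],
                    processes: List[Proc]) -> Dict[Tuple[int, int], str]:
    """Map (writer, target) to 'child' when the writer is the target's parent
    (expected for process creation) or 'cross-process' otherwise."""
    by_pid = {p.pid: p for p in processes}
    verdicts: Dict[Tuple[int, int], str] = {}
    for (writer, target, _name), _count in dedupe(rows).items():
        tgt = by_pid.get(target)
        if tgt is not None and tgt.parent_pid == writer:
            verdicts[(writer, target)] = "child"
        else:
            verdicts[(writer, target)] = "cross-process"
    return verdicts


def python_hit_store_redirector(processes: List[Proc]) -> bool:
    """True when a command that named 'python' was served by the App Installer
    redirector stub (the Store alias) rather than by a Python interpreter."""
    return any(
        p.image.endswith("AppInstallerPythonRedirector.exe")
        and p.cmdline.split(" ", 1)[0].lower() in ("python", "python3", "python.exe")
        for p in processes
    )


if __name__ == "__main__":
    for key, n in dedupe(WPM_ROWS).items():
        print(f"{key}: x{n}")
    print(classify_writes(WPM_ROWS, PROCESSES))
    print("python command hit the Store redirector:", python_hit_store_redirector(PROCESSES))
```

Run against the report's data this prints one deduplicated row with a count of 3, a single `child` verdict for (5024, 4424), and `True` for the redirector check, which is the reasoning behind reading the 1/10 score as "nothing of the script actually ran".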