165ccde119e16783475aefa4915ac1f7e251fbbd4c37be85cad3fb2fe87cbb73 | Triage

Analysis

max time kernel
4s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
21/05/2024, 18:33

Sharing

Report Analysis Logs

General

Target

start.bat
Size

22B
MD5

37c4f262dabdf01445d615d1354fddd3
SHA1

e044e64cee96c0dc2ddadd1c2b9e422869f85498
SHA256

165ccde119e16783475aefa4915ac1f7e251fbbd4c37be85cad3fb2fe87cbb73
SHA512

bf8bf1826f1ef8f6669d099f0177532fe9128e3b02ed22c338085e6338c3c8b0d87cd7a4dac49e56d43f9a21dcdf0ffc21d408efbe96879387468de05b5a16b5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 1052	2764	cmd.exe	79
PID 2764 wrote to memory of 1052	2764	cmd.exe	79
PID 2764 wrote to memory of 1052	2764	cmd.exe	79

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\start.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python merek.py
  2⤵
  PID:1052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads