ace56fea4b7af878e92fa3caa903c1dd21e0b3b43c96ba114e682afa1c2413ed

Analysis

max time kernel
118s
max time network
126s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:18

Target

Blank-Grabber-main/Blank Grabber/env/Scripts/activate
Size

2KB
MD5

7c44cc248d0428f0f2f9b3b18a5098eb
SHA1

739c321e829aca23a0c43a2e3b01e63c83a12168
SHA256

7c27cea1d4edfae0820a9e16d8515adf1b217fdb8b46a0b63f2fbfbb44224cc4
SHA512

23ffdbac9ad295dadeb05b1b11bf19dc0bd0e0fd903a3607bb98c74576d41259ff69147b273d9d974781593440c0aac15497957a6206b6e83c31fb1df3d9a483

Score

1^/10

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

cmd.execmd.exe

description	pid	process	target process
PID 2100 wrote to memory of 2948	2100	cmd.exe	cmd.exe
PID 2100 wrote to memory of 2948	2100	cmd.exe	cmd.exe
PID 2100 wrote to memory of 2948	2100	cmd.exe	cmd.exe
PID 2948 wrote to memory of 2704	2948	cmd.exe	chcp.com
PID 2948 wrote to memory of 2704	2948	cmd.exe	chcp.com
PID 2948 wrote to memory of 2704	2948	cmd.exe	chcp.com
PID 2100 wrote to memory of 1880	2100	cmd.exe	chcp.com
PID 2100 wrote to memory of 1880	2100	cmd.exe	chcp.com
PID 2100 wrote to memory of 1880	2100	cmd.exe	chcp.com
PID 2100 wrote to memory of 2368	2100	cmd.exe	chcp.com
PID 2100 wrote to memory of 2368	2100	cmd.exe	chcp.com
PID 2100 wrote to memory of 2368	2100	cmd.exe	chcp.com

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\env\Scripts\activate"
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Windows\System32\chcp.com"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Windows\System32\chcp.com
    C:\Windows\System32\chcp.com
    3⤵
    PID:2704
- C:\Windows\System32\chcp.com
  "C:\Windows\System32\chcp.com" 65001
  2⤵
  PID:1880
- C:\Windows\System32\chcp.com
  "C:\Windows\System32\chcp.com" 437
  2⤵
  PID:2368