63a1dd737ae000808186217534c5e1a1731316d16bead76e8f28d707cfdaa3d1 | Triage

Analysis

max time kernel
93s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 13:14

Sharing

Report Analysis Logs

General

Target

tzcourse.bat
Size

115B
MD5

35d5330c2b027dceec05ecdfbafe4667
SHA1

70b7144f919a14a6f3cef67670687cc0e2d02723
SHA256

63a1dd737ae000808186217534c5e1a1731316d16bead76e8f28d707cfdaa3d1
SHA512

c4954c6b4d21d5cd0eb5d7e95d187e0df95add86b5b7df9f581d39119b411be0ee6c2d8fbc874f9b91e75e582c22f19a5040d9db50ac37b72bcffd0382079352

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 4340	2504	cmd.exe	83
PID 2504 wrote to memory of 4340	2504	cmd.exe	83

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\tzcourse.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Windows\system32\curl.exe
  curl http://yqc.qichuangedu.cn/qczhtthinkphp/index.php/Admin/Wxsend/wxsend
  2⤵
  PID:4340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads