a77210dc3ae1df36cab033e2b52ca8c656bd5cbc5257a79220526f32f4bf5949

Analysis

max time kernel
113s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 22:17

Target

Driver/x64/Driver_Remove.bat
Size

332B
MD5

1e6abbfce3da92689e4074ee6e6f916e
SHA1

a3a645d2c8b5413c27510bbd96f361e3a59991d5
SHA256

62d5bde41160fcf92f8267b013bedda86b9fe8dcb7f9e419948c6ad2dfd9ae0e
SHA512

d1b3eabd9f9f5207563162e1c19f8ddc1d314562f6bce65d9342cabd12e5ee99cf78bf39e1ad08eb39edf44cc3932a784222cd8f17a1e4d7b8c3b224b3f1a64c

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1036 wrote to memory of 212	1036	cmd.exe	98
PID 1036 wrote to memory of 212	1036	cmd.exe	98
PID 1036 wrote to memory of 3644	1036	cmd.exe	99
PID 1036 wrote to memory of 3644	1036	cmd.exe	99
PID 1036 wrote to memory of 1668	1036	cmd.exe	100
PID 1036 wrote to memory of 1668	1036	cmd.exe	100

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Driver\x64\Driver_Remove.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1036
- C:\Users\Admin\AppData\Local\Temp\Driver\x64\DIFxCmd.exe
  DIFxCmd.exe /u HidFiltr_Evi.inf 2.DRIVER_PACKAGE_SILENT 4.DRIVER_PACKAGE_FORCE 32.DRIVER_PACKAGE_DELETE_FILES
  2⤵
  PID:212
- C:\Users\Admin\AppData\Local\Temp\Driver\x64\DIFxCmd.exe
  DIFxCmd.exe /u MouFiltr_Evi.inf 2.DRIVER_PACKAGE_SILENT 4.DRIVER_PACKAGE_FORCE 32.DRIVER_PACKAGE_DELETE_FILES
  2⤵
  PID:3644
- C:\Users\Admin\AppData\Local\Temp\Driver\x64\DIFxCmd.exe
  DIFxCmd.exe /u KbFiltr_Evi.inf 2.DRIVER_PACKAGE_SILENT 4.DRIVER_PACKAGE_FORCE 32.DRIVER_PACKAGE_DELETE_FILES
  2⤵
  PID:1668