Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
26/05/2024, 16:54
General
-
Target
PrimoCache/reg/install.bat
-
Size
3KB
-
MD5
b80700284242156e058405a7a5dca822
-
SHA1
55f0ac2603e25b148d4c2c50bb0ba3519ac0f041
-
SHA256
899cbb3e5f112987bd4d98b032c27735c87d5266b17e737d86a7e913c3e5d711
-
SHA512
d73081e80d8c96bf3287ea65a439e4bdee0ab08bb91733825934437f51619cdcf96cc311cbc567c2e2c690f087dbfd9cb325a9d9d2afea7db4418854978554fa
Score
1/10
Malware Config
Signatures
-
Modifies registry key 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 13 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\PrimoCache\reg\install.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\chcp.comchcp 9362⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ver2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A37EA43-BF6F-4DB7-83DB-97AA19BF9408}_is1 /v InstallLocation2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A37EA43-BF6F-4DB7-83DB-97AA19BF9408}_is1 /v InstallLocation3⤵
- Modifies registry key
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" echo \033[91m系统中没有正常安装PrimoCache。"2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\PrimoCache\reg\CmdColor.execmdcolor2⤵
-