309a825d05db113903e7d65bc2b9335f76d1c95f80a7492c3aee1999a47dc2ee | Triage

Resubmissions

03-06-2024 00:48

240603-a58fkadb7v 1

03-06-2024 00:39

240603-az539aeb75 1

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03-06-2024 00:48

Sharing

Report Analysis Logs

General

Target

instant_death.bat
Size

436B
MD5

b0799a62c132c37b9f28cef7a80550b4
SHA1

5abdb7fc08c0b319ff9fea4f0ec471eb24f0af05
SHA256

309a825d05db113903e7d65bc2b9335f76d1c95f80a7492c3aee1999a47dc2ee
SHA512

32fd6ba592b57dd73758aa3b249cf5c5764e36c68e23cbd4ff2b5b3471a5d47057085f149f5b6b949560016afb33e020446a17647493969a070f7fe9595a0586

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 2516	1364	cmd.exe	29
PID 1364 wrote to memory of 2516	1364	cmd.exe	29
PID 1364 wrote to memory of 2516	1364	cmd.exe	29
PID 1364 wrote to memory of 2268	1364	cmd.exe	30
PID 1364 wrote to memory of 2268	1364	cmd.exe	30
PID 1364 wrote to memory of 2268	1364	cmd.exe	30
PID 1364 wrote to memory of 2596	1364	cmd.exe	33
PID 1364 wrote to memory of 2596	1364	cmd.exe	33
PID 1364 wrote to memory of 2596	1364	cmd.exe	33

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\instant_death.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Windows\system32\manage-bde.exe
  manage-bde -on C: -Force
  2⤵
  PID:2516
- C:\Windows\system32\manage-bde.exe
  manage-bde -on D: -Force
  2⤵
  PID:2268
- C:\Windows\system32\msg.exe
  msg * "Say goodbye to your PC!"
  2⤵
  PID:2596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads