d4dc352f244d7ece353619ac58c70216d182d0cb8aa8bafdeda815a9fd4d51da

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 01:03

Target

Biggest Tweaks/ExclusiveTweaks/Exclusive Folder Two/ExclusiveBatchTwo.bat
Size

27KB
MD5

a306c6bf359016c1eb84ad3eeb56834a
SHA1

c1ec6c952742f45728108ed63487ab4feef97eaf
SHA256

a41ed74c23ebae1196fa30348c4c8e7adad678486ece9ddc4647e4695b1ac86e
SHA512

f14e43704a2e5276176d1dd45e8427cc7cd4a7442918877cad529836f82762cc6bcb4a623c1a927f249c04c292261b65f0d005cb4eeac5dcc15023dc5162dbb5
SSDEEP

192:iVOXRgXg5ygzpQyAGMuLn5bLfohdeBYoAx:CKRgXgYg1QTuL5bLwgAx

Score

1^/10

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 2904	1840	cmd.exe	29
PID 1840 wrote to memory of 2904	1840	cmd.exe	29
PID 1840 wrote to memory of 2904	1840	cmd.exe	29
PID 1840 wrote to memory of 2320	1840	cmd.exe	30
PID 1840 wrote to memory of 2320	1840	cmd.exe	30
PID 1840 wrote to memory of 2320	1840	cmd.exe	30
PID 2320 wrote to memory of 1664	2320	cmd.exe	31
PID 2320 wrote to memory of 1664	2320	cmd.exe	31
PID 2320 wrote to memory of 1664	2320	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Biggest Tweaks\ExclusiveTweaks\Exclusive Folder Two\ExclusiveBatchTwo.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Windows\system32\mode.com
  mode 800
  2⤵
  PID:2904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Biggest Tweaks\ExclusiveTweaks\Exclusive Folder Two\ExclusiveBatchTwo.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2320
- - C:\Windows\system32\findstr.exe
    findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Biggest Tweaks\ExclusiveTweaks\Exclusive Folder Two\ExclusiveBatchTwo.bat"
    3⤵
    PID:1664