63b3839dc82c4080192b0181cc8296f1ff1841e2c820260d41544795d70415c5

Analysis

max time kernel
16s
max time network
20s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 17:31

Target

discord-image-logger-main/builder.bat
Size

14.9MB
MD5

70a53c5ec35eefae927a0c413a89937a
SHA1

1bc9a22903968bfc05b87c1082a5c4242802d4dd
SHA256

a7aa6fa77e4931544a6966ef435400c52a79af300a548aca4e9c67f72218ac2d
SHA512

c712f2b98b0eb8c4808e4abcee0cc6100fc3e7d445f40208da0429b754148f190083ce247f183bb112083c15b06f466cbe573fe01f47de3d7958d8624e8d9aae
SSDEEP

49152:QYwuS617ST7nN2d57VTqUTm0AmK0jEHD5FQ/9gsyuEgPXiGncZwPnzLO1WtJHFi7:S

Score

4^/10

Drops file in Windows directory 2 IoCs

Processes:

cmd.exe

description	ioc	process
File created	C:\Windows\$sxr-seroxen2\$sxr-Uni.bat	cmd.exe
File opened for modification	C:\Windows\$sxr-seroxen2\$sxr-Uni.bat	cmd.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

cmd.exenet.exe

description	pid	process	target process
PID 1384 wrote to memory of 2220	1384	cmd.exe	net.exe
PID 1384 wrote to memory of 2220	1384	cmd.exe	net.exe
PID 1384 wrote to memory of 2220	1384	cmd.exe	net.exe
PID 2220 wrote to memory of 2812	2220	net.exe	net1.exe
PID 2220 wrote to memory of 2812	2220	net.exe	net1.exe
PID 2220 wrote to memory of 2812	2220	net.exe	net1.exe

C:\Windows\system32\net.exe
net session
2⤵
- Suspicious use of WriteProcessMemory
PID:2220