89b15dd343075c7271ec08f848803709a915526e81831af0a9df53577b5155b5 | Triage

Analysis

max time kernel
0s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
07/06/2024, 15:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

start.bat
Size

14B
MD5

92a6f2af2e2bf7d6e64b7821f5400d1c
SHA1

ee3e35bf31da9e6616c1c6a663fd19b4d745a279
SHA256

89b15dd343075c7271ec08f848803709a915526e81831af0a9df53577b5155b5
SHA512

57ebb186b961d2e73bfe554f247b53558cd358bba5716578c355a85caf783087495ca15e981bed2c049e4485bb3d5edf413d90b0e16f68ba95bbdc7f26f5b29f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 3428	3984	cmd.exe	81
PID 3984 wrote to memory of 3428	3984	cmd.exe	81
PID 3984 wrote to memory of 3428	3984	cmd.exe	81

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\start.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3984
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python main.py
  2⤵
  PID:3428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads