c864ab5ef50b025944037f9ee0feec332ca62a734f7650e6c411617d1b7dc174 | Triage

Analysis

max time kernel
45s
max time network
17s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 18:05

Sharing

Report Analysis Logs

General

Target

run.bat
Size

73B
MD5

ed0af6063e22a6abf2073ba2321a9731
SHA1

0142b9f8e7518951113104f13e53c1fa24bd654a
SHA256

c9ee9421067791957a1382ef092232b20ed90ba30feb6bd2d6c16c86307e9e16
SHA512

02c24d1189114ecacc78adcdd7e0e6331ac8c349e70b382ed964d2d57c9456e7891092cc5bf224a126522073b0164eec1eba3e5e16eff3c81254aba1d1ca9b88

Score

1^/10

Malware Config

Signatures

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
2756	install.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2756	2952	cmd.exe	29
PID 2952 wrote to memory of 2756	2952	cmd.exe	29
PID 2952 wrote to memory of 2756	2952	cmd.exe	29
PID 2952 wrote to memory of 2756	2952	cmd.exe	29
PID 2952 wrote to memory of 2756	2952	cmd.exe	29
PID 2952 wrote to memory of 2756	2952	cmd.exe	29
PID 2952 wrote to memory of 2756	2952	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\run.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Users\Admin\AppData\Local\Temp\install.exe
  "install.exe"
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:2756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads