2a8166c1d74289e71b18c69822a62a1734cdc8b72de9f753d8df91f446661c97 | Triage

Analysis

max time kernel
12s
max time network
16s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 12:23

Sharing

Report Analysis Logs

General

Target

cs 1.6.bat
Size

145B
MD5

4db52fa85b5921c63a2682d3f9fd9c31
SHA1

a996c4e5fc52e592dcc611824b4e779a70d3e9e1
SHA256

2a8166c1d74289e71b18c69822a62a1734cdc8b72de9f753d8df91f446661c97
SHA512

4d85bea808726734a731f94014059c4910be25e2ec7cf3daa917976ede30ccf905982ad2db08c1575d24337934640d808fc0fe6aea8638543d7f263b3dc4fad9

Score

1^/10

Malware Config

Signatures

Runs net.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 3168	4968	cmd.exe	83
PID 4968 wrote to memory of 3168	4968	cmd.exe	83
PID 3168 wrote to memory of 3800	3168	net.exe	84
PID 3168 wrote to memory of 3800	3168	net.exe	84

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\cs 1.6.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Windows\system32\net.exe
  net user Admin qawsed
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3168
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 user Admin qawsed
    3⤵
    PID:3800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads