Analysis Overview
SHA256
7c84a9c823de33ef07c1ee94a06ca5c32b9b27696392e3facce7f87b04f6dfeb
Threat Level: No (potentially) malicious behavior was detected
The file submarino.bat was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Kills process with taskkill
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-13 17:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 17:28
Reported
2024-06-13 17:28
Platform
win10v2004-20240508-en
Max time kernel
2s
Max time network
3s
Command Line
Signatures
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3756 wrote to memory of 5088 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\taskkill.exe |
| PID 3756 wrote to memory of 5088 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\taskkill.exe |
| PID 3756 wrote to memory of 4764 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\taskkill.exe |
| PID 3756 wrote to memory of 4764 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\taskkill.exe |
| PID 3756 wrote to memory of 2312 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\taskkill.exe |
| PID 3756 wrote to memory of 2312 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\taskkill.exe |
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\submarino.bat"
C:\Windows\system32\taskkill.exe
taskkill /f /im Steam.exe /t
C:\Windows\system32\taskkill.exe
taskkill /f /im Steam.exe /t
C:\Windows\system32\taskkill.exe
taskkill /f /im Steam.exe /t
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |