Analysis

max time kernel: 146s
max time network: 150s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64 arch:x86 image:win11-20240508-en locale:en-us os:windows11-21h2-x64 system
submitted: 13-06-2024 17:26

Static task: static1
Behavioral task: behavioral1
Sample: D1_Free_Tweaking_Utility.bat
Resource: win11-20240508-en
1 signatures
150 seconds
General

Target: D1_Free_Tweaking_Utility.bat
Size: 82KB
MD5: 8d4c3d728b03826e4bb9c8689b3de336
SHA1: 897f69705fa904cc147d95b1ad9b04d4a5dd4633
SHA256: 8fe4a070e3798563bdb315465f8b9e3d187e07934e799e1f96ad3460e7df8e92
SHA512: 6ccfe6e30e346b5f603352aeaf1cca6140e0d34dca6bf2f6aad93fb918af783cd0d83d694dd931bed4afac02d151ff123d20d793a0693f09af01a4eb4a525fe0
SSDEEP: 768:o+xLL2QLQp9Af4dLiLnYMiEpowuzd7Q/cJSirt:fX50pufMbMi6Cx
Score: 1/10
Malware Config
Signatures

Suspicious use of WriteProcessMemory (6 IoCs)
Processes:

description                        pid    process   target process
PID 1056 wrote to memory of 4584   1056   cmd.exe   cmd.exe
PID 1056 wrote to memory of 4584   1056   cmd.exe   cmd.exe
PID 1056 wrote to memory of 72     1056   cmd.exe   chcp.com
PID 1056 wrote to memory of 72     1056   cmd.exe   chcp.com
PID 1056 wrote to memory of 2328   1056   cmd.exe   mode.com
PID 1056 wrote to memory of 2328   1056   cmd.exe   mode.com
Processes

Depth 1: C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\D1_Free_Tweaking_Utility.bat"
  Signatures: Suspicious use of WriteProcessMemory
  PID: 1056

  Depth 2: C:\Windows\system32\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c "prompt #$H#$E# & echo on & for %b in (1) do rem"
    PID: 4584

  Depth 2: C:\Windows\system32\chcp.com
    Command line: chcp 65001
    PID: 72

  Depth 2: C:\Windows\system32\mode.com
    Command line: mode 1000
    PID: 2328