Analysis Overview
score
1/10
SHA256
8fe4a070e3798563bdb315465f8b9e3d187e07934e799e1f96ad3460e7df8e92
Threat Level: No (potentially) malicious behavior was detected
The file D1_Free_Tweaking_Utility.bat was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2024-06-13 17:26
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 17:26
Reported
2024-06-13 17:29
Platform
win11-20240508-en
Max time kernel
146s
Max time network
150s
Command Line
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\D1_Free_Tweaking_Utility.bat"
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1056 wrote to memory of 4584 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe |
| PID 1056 wrote to memory of 4584 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe |
| PID 1056 wrote to memory of 72 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\chcp.com |
| PID 1056 wrote to memory of 72 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\chcp.com |
| PID 1056 wrote to memory of 2328 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\mode.com |
| PID 1056 wrote to memory of 2328 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\mode.com |
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\D1_Free_Tweaking_Utility.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "prompt #$H#$E# & echo on & for %b in (1) do rem"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\mode.com
mode 1000
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
N/A