fc645064c613b4cf7b63a5e87bcd3cda419f70f6f4b4738f983597d3f6747855

Analysis

max time kernel
16s
max time network
18s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Password locked.bat
Size

328B
MD5

7da75566d79451370d6bdc678ea517d4
SHA1

1326807ed1b768e2ba50dfc2d3976bac117af4d4
SHA256

fc645064c613b4cf7b63a5e87bcd3cda419f70f6f4b4738f983597d3f6747855
SHA512

f97a5ab36570e7c9a7ae24c72b4c0932a44e4525ae4ab539037ca2dbfdfec8df9a81ef9bc89735c80d96d473800ccef060002c71b0b1b7703d6cc58ab9222636

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3704 wrote to memory of 4216	3704	cmd.exe	88
PID 3704 wrote to memory of 4216	3704	cmd.exe	88
PID 3704 wrote to memory of 2156	3704	cmd.exe	89
PID 3704 wrote to memory of 2156	3704	cmd.exe	89
PID 3704 wrote to memory of 4100	3704	cmd.exe	91
PID 3704 wrote to memory of 4100	3704	cmd.exe	91
PID 3704 wrote to memory of 1692	3704	cmd.exe	93
PID 3704 wrote to memory of 1692	3704	cmd.exe	93
PID 3704 wrote to memory of 660	3704	cmd.exe	94
PID 3704 wrote to memory of 660	3704	cmd.exe	94
PID 3704 wrote to memory of 2636	3704	cmd.exe	96
PID 3704 wrote to memory of 2636	3704	cmd.exe	96
PID 3704 wrote to memory of 2424	3704	cmd.exe	97
PID 3704 wrote to memory of 2424	3704	cmd.exe	97
PID 3704 wrote to memory of 4240	3704	cmd.exe	98
PID 3704 wrote to memory of 4240	3704	cmd.exe	98
PID 3704 wrote to memory of 1924	3704	cmd.exe	100
PID 3704 wrote to memory of 1924	3704	cmd.exe	100
PID 3704 wrote to memory of 2684	3704	cmd.exe	102
PID 3704 wrote to memory of 2684	3704	cmd.exe	102
PID 3704 wrote to memory of 1120	3704	cmd.exe	103
PID 3704 wrote to memory of 1120	3704	cmd.exe	103
PID 3704 wrote to memory of 1564	3704	cmd.exe	104
PID 3704 wrote to memory of 1564	3704	cmd.exe	104
PID 3704 wrote to memory of 4044	3704	cmd.exe	106
PID 3704 wrote to memory of 4044	3704	cmd.exe	106
PID 3704 wrote to memory of 3696	3704	cmd.exe	108
PID 3704 wrote to memory of 3696	3704	cmd.exe	108
PID 3704 wrote to memory of 2160	3704	cmd.exe	109
PID 3704 wrote to memory of 2160	3704	cmd.exe	109
PID 3704 wrote to memory of 4856	3704	cmd.exe	111
PID 3704 wrote to memory of 4856	3704	cmd.exe	111
PID 3704 wrote to memory of 3756	3704	cmd.exe	112
PID 3704 wrote to memory of 3756	3704	cmd.exe	112
PID 3704 wrote to memory of 2016	3704	cmd.exe	114
PID 3704 wrote to memory of 2016	3704	cmd.exe	114
PID 3704 wrote to memory of 2360	3704	cmd.exe	115
PID 3704 wrote to memory of 2360	3704	cmd.exe	115
PID 3704 wrote to memory of 4052	3704	cmd.exe	117
PID 3704 wrote to memory of 4052	3704	cmd.exe	117
PID 3704 wrote to memory of 3132	3704	cmd.exe	118
PID 3704 wrote to memory of 3132	3704	cmd.exe	118
PID 3704 wrote to memory of 4440	3704	cmd.exe	119
PID 3704 wrote to memory of 4440	3704	cmd.exe	119
PID 3704 wrote to memory of 4360	3704	cmd.exe	121
PID 3704 wrote to memory of 4360	3704	cmd.exe	121
PID 3704 wrote to memory of 1672	3704	cmd.exe	122
PID 3704 wrote to memory of 1672	3704	cmd.exe	122
PID 3704 wrote to memory of 3148	3704	cmd.exe	124
PID 3704 wrote to memory of 3148	3704	cmd.exe	124
PID 3704 wrote to memory of 4104	3704	cmd.exe	126
PID 3704 wrote to memory of 4104	3704	cmd.exe	126
PID 3704 wrote to memory of 4008	3704	cmd.exe	127
PID 3704 wrote to memory of 4008	3704	cmd.exe	127
PID 3704 wrote to memory of 1388	3704	cmd.exe	129
PID 3704 wrote to memory of 1388	3704	cmd.exe	129
PID 3704 wrote to memory of 3308	3704	cmd.exe	130
PID 3704 wrote to memory of 3308	3704	cmd.exe	130
PID 3704 wrote to memory of 3968	3704	cmd.exe	132
PID 3704 wrote to memory of 3968	3704	cmd.exe	132
PID 3704 wrote to memory of 3788	3704	cmd.exe	133
PID 3704 wrote to memory of 3788	3704	cmd.exe	133
PID 3704 wrote to memory of 3344	3704	cmd.exe	135
PID 3704 wrote to memory of 3344	3704	cmd.exe	135

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Password locked.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3704
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:4216
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:2156
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:4100
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:1692
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:660
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:2636
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:2424
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:4240
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:1924
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:2684
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:1120
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:1564
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:4044
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:3696
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:2160
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:4856
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:3756
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:2016
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:2360
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:4052
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:3132
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:4440
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:4360
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:1672
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:3148
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:4104
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:4008
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:1388
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:3308
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:3968
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:3788
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:3344
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:4832
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:5108
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:2388
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:2228
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:2732
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:368
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:1832
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:1412
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:452
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:1336
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:3720
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:3792
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:4656
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:2692
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:3212
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:1324
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:5148
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:5180
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:5212
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:5220
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:5288
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:5324
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:5368
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:5400
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:5432
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:5472
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:5512
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:5532
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:5588
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:5612
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:5668
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:5676
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:5740
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:5756
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:5784
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:5832
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:5864
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:5912
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:5944
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:5980
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:6020
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:6044
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:6088
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:6108
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:5452
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:5528
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:6184
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:6200
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:6244
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:6264
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:6320
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:6344
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:6380
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:6396
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:6456
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:6500
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:6528
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:6552
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:6596
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:6636
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:6692
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:6700
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:6744
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:6752
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:6832
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:6888
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:6916
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:6936
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:6976
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:6992
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:7064
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:7096
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:7128
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:7160
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:6768
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:7172
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:7228
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:7236
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:7300
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:7308
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:7372
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:7396
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:7436
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:7480
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:7504
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:7552
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:7584
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:7616
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:7672
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:7700
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:7744
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:7772
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:7816
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:7840
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:7896
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:7912
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:7948
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:7988
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:8044
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:8060
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:8108
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:8136
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:8188
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:7596
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:8056
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:7320
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:8260
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:8292
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:8328
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:8364
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:8392
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:8440
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:8464
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:8484
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:8556
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:8572
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:8608
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:8616
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:8680
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:8708
- C:\Windows\system32\cmd.exe
  "cmd"
  2⤵
  PID:8772
- C:\Windows\system32\notepad.exe
  "notepad"
  2⤵
  PID:8780

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads