f136d9af450458b542c4f82c962b79e0e65148096d6f51ce9071d9574aef08f9 | Triage

Analysis

max time kernel
5s
max time network
0s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 13:10

Sharing

Report Analysis Logs

General

Target

Clean Temp Files.bat
Size

1KB
MD5

f1cb8d7d6bec08af80781146c63029de
SHA1

8809fd822be56b7f90c94c8eaf783898ff28f632
SHA256

f136d9af450458b542c4f82c962b79e0e65148096d6f51ce9071d9574aef08f9
SHA512

38c8532ae6adf03959c231dd48d5a96968d3872783cc500ce166bcfb4fbd6e77e5d953c7eef27ab1296669ca88d0ee74d742df978fcd6f3d39af436aec002f33

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1724	cmd.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2324	1724	cmd.exe	29
PID 1724 wrote to memory of 2324	1724	cmd.exe	29
PID 1724 wrote to memory of 2324	1724	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Clean Temp Files.bat"
1⤵
- Deletes itself
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\system32\cacls.exe
  "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
  2⤵
  PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads