9ef018c8c1dfaf529ee32c2a9a60b4c93d053d0691e6a874c58c3e43347d3861 | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
17-06-2024 21:27

Sharing

Report Analysis Logs

General

Target

dropper_1.bat
Size

4KB
MD5

ab9f827127346feb12cbe8d2329ba798
SHA1

70f504600f0452121b04f3f82e76b22c9d085c35
SHA256

9ef018c8c1dfaf529ee32c2a9a60b4c93d053d0691e6a874c58c3e43347d3861
SHA512

16af3002cda0e2861f2ba89bb69f97aaf3ed5b1fdcfdf67a9318e48079ac17d97902744359d4d55513b6c21c06fc85b6d09047a98677f86f2655782b0d23e438
SSDEEP

48:61jKP/WlIqQ9+iCObFg/7gGcK+hrZaw0JUrSXYSlDI6p8536anO6jiF6ydr6okSY:ZP/HVbxawsUrCczjig

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1720 wrote to memory of 2716	1720	cmd.exe	chcp.com
PID 1720 wrote to memory of 2716	1720	cmd.exe	chcp.com
PID 1720 wrote to memory of 2716	1720	cmd.exe	chcp.com

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\dropper_1.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1720

C:\Windows\system32\chcp.com
chcp 65001
2⤵
PID:2716

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...