399efc808c340d4e32c0ee8cb7fd2a9e0619dedc8d7fa37fe54ebbec667ce371 | Triage

Analysis

max time kernel
0s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
30/06/2024, 20:40

Sharing

Report Analysis Logs

General

Target

b.bat
Size

1002B
MD5

640479c35a96e039f98c36294ea5eba1
SHA1

abe534da8236c9f6c3a0c95a8b6c822a48d49b7f
SHA256

399efc808c340d4e32c0ee8cb7fd2a9e0619dedc8d7fa37fe54ebbec667ce371
SHA512

938f708a4a1c6c74ac7214c90e693d9d445dcccf45cbd81c64351ffa5ad52ab82639431bef3afa14ba88f453c3681793541714c4b92bad4b558772d8d5983d90

Score

1^/10

Malware Config

Signatures

Runs net.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4476 wrote to memory of 3628	4476	cmd.exe	79
PID 4476 wrote to memory of 3628	4476	cmd.exe	79
PID 3628 wrote to memory of 2548	3628	net.exe	80
PID 3628 wrote to memory of 2548	3628	net.exe	80

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4476
- C:\Windows\system32\net.exe
  net session
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3628
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 session
    3⤵
    PID:2548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads