b913899afa3741ed46315f6c1491e5777a3c1cf46a1d05a433af0d74ecb66cba | Triage

Analysis

max time kernel
144s
max time network
163s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
06-07-2024 13:55

Sharing

Report Analysis Logs

General

Target

Apex-CV-YOLO-v8-Aim-Assist-Bot-main/Ape-xCV.bat
Size

57B
MD5

9de3dc26a5f84915cbdffa66ae084e5b
SHA1

b40373544204b06a5a9c5d406b3d0ddcd365f254
SHA256

9dad6184f3451e2b38dd2d93c9fd383acf2d35b0dd843622ced726b2cbd6441d
SHA512

70a8d8b835e5679f116fd0820b4ce1bef5cab0da8c6bb6d2e99232136703447f5169cee7a038e9508a0ff15e9b21d6aea1dac9c34f2f270f5bf077b146b5eff9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 3600	1156	cmd.exe	80
PID 1156 wrote to memory of 3600	1156	cmd.exe	80
PID 1156 wrote to memory of 3600	1156	cmd.exe	80

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Apex-CV-YOLO-v8-Aim-Assist-Bot-main\Ape-xCV.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python main.py
  2⤵
  PID:3600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
487B

MD5
862448c9d7f10cb82260ee92f168ece8

SHA1
64decb25d53629f305ab8174150f2d93ec232da9

SHA256
54a237086c92524fe7153065a06cb8e8f5e5453d1a05c4eaa37bccd1068778df

SHA512
9417c8a1bc681f912087657d9a01819b7b7dee5bdc3bcc2d0cb4e4d92a3cd30116388e385ce49613f113c998110560fc93536611a938d56ce4c2d73388486498

Download Submit