536515ca1e57321c5de664441d3394c4cd63c603183e257275188b3a9e168477 | Triage

Analysis

max time kernel
132s
max time network
123s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
10/07/2024, 20:46

Sharing

Report Analysis Logs

General

Target

nzbget-command-shell.bat
Size

1KB
MD5

0d0236fbf398240a4ba5ff34f0e01d45
SHA1

c28bb6b7c98d10ce6e97942b659b8b7b01a77370
SHA256

7be2e40ef3ced04313995ea9caa9ad348319df46cea3cab40332cf9e1c389b06
SHA512

3cca63c6249fd4c5288122abbc37108bd568c3123d0a60cc1c55ecae067e398176118725fc0261dab4a7120ab18b4d153015fa033841afd62a046487dc86458e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 968	1564	cmd.exe	83
PID 1564 wrote to memory of 968	1564	cmd.exe	83
PID 968 wrote to memory of 2184	968	cmd.exe	84
PID 968 wrote to memory of 2184	968	cmd.exe	84

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\nzbget-command-shell.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Windows\system32\cmd.exe
  cmd /U /K "cd C:\Users\Admin & nzbget"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:968
- - C:\Users\Admin\AppData\Local\Temp\nzbget.exe
    nzbget
    3⤵
    PID:2184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads