a0457d69830ac38f45f672e712b46a3ee2d57c504e251eca446c3f7b68cb8b8e | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 21:54

Sharing

Report Analysis Logs

General

Target

VisualBat/常用实例/1.DLL组件注册.bat
Size

92B
MD5

a35e1fb3c9c8df5dedaa3921f3a13f19
SHA1

06b55b39f65a8ea5bd67cf9254d4332ca5dfe86e
SHA256

a91c8035c2f3e45600e2a86069822f37ca57524402ed7bdef7d863f40fee4a93
SHA512

59bebfa2df5210ebe25447273589abc0636799db7ea6954661dabdcbbaad583accddb83864b4a401246aa85f0ddae22cdbfb8e3da59f9c3591b10ea5dc12885e

Score

1^/10

Malware Config

Signatures

Suspicious behavior: CmdExeWriteProcessMemorySpam 2 IoCs

pid	Process
2308	regsvr32.exe
1972	regsvr32.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2308	1724	cmd.exe	31
PID 1724 wrote to memory of 2308	1724	cmd.exe	31
PID 1724 wrote to memory of 2308	1724	cmd.exe	31
PID 1724 wrote to memory of 2308	1724	cmd.exe	31
PID 1724 wrote to memory of 2308	1724	cmd.exe	31
PID 1724 wrote to memory of 1972	1724	cmd.exe	32
PID 1724 wrote to memory of 1972	1724	cmd.exe	32
PID 1724 wrote to memory of 1972	1724	cmd.exe	32
PID 1724 wrote to memory of 1972	1724	cmd.exe	32
PID 1724 wrote to memory of 1972	1724	cmd.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\VisualBat\常用实例\1.DLL组件注册.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s shdocvw.dll ╫Θ╝■╫ó▓ß
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:2308
- C:\Windows\system32\regsvr32.exe
  regsvr32 /u /s shdocvw.dll ╫Θ╝■▓╗╫ó▓ß
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:1972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads