a0457d69830ac38f45f672e712b46a3ee2d57c504e251eca446c3f7b68cb8b8e | Triage

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 21:54

Sharing

Report Analysis Logs

General

Target

VisualBat/常用实例/1.DLL组件注册.bat
Size

92B
MD5

a35e1fb3c9c8df5dedaa3921f3a13f19
SHA1

06b55b39f65a8ea5bd67cf9254d4332ca5dfe86e
SHA256

a91c8035c2f3e45600e2a86069822f37ca57524402ed7bdef7d863f40fee4a93
SHA512

59bebfa2df5210ebe25447273589abc0636799db7ea6954661dabdcbbaad583accddb83864b4a401246aa85f0ddae22cdbfb8e3da59f9c3591b10ea5dc12885e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 2996	5072	cmd.exe	86
PID 5072 wrote to memory of 2996	5072	cmd.exe	86
PID 5072 wrote to memory of 4904	5072	cmd.exe	87
PID 5072 wrote to memory of 4904	5072	cmd.exe	87

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\VisualBat\常用实例\1.DLL组件注册.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s shdocvw.dll ╫Θ╝■╫ó▓ß
  2⤵
  PID:2996
- C:\Windows\system32\regsvr32.exe
  regsvr32 /u /s shdocvw.dll ╫Θ╝■▓╗╫ó▓ß
  2⤵
  PID:4904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads