Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-07-2024 21:54

General

  • Target

    VisualBat/常用实例/3.列举进程.bat

  • Size

    240B

  • MD5

    a6d4b74e7d95d768bd5d75c55eabd6df

  • SHA1

    1e27c2097e7cb233ce6071d976f693408ef6e148

  • SHA256

    d8492cdb7e71ec876c9dd805653dc3ab364d0de4605db7040de21ba6b66d377a

  • SHA512

    6b66b7c5be586afd54afcbcf0e474e2877b2fe8fced4e72340ef3b1837702640f4b32b75862e9b5a495770f54187f7efbc25e08e1b191100c570fae7a31b7526

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\VisualBat\常用实例\3.列举进程.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4324
    • C:\Windows\system32\cscript.exe
      cscript //nologo ps.vbs
      2⤵
        PID:4316

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\VisualBat\常用实例\ps.vbs

      Filesize

      152B

      MD5

      2c1a4d5dcbf8b87285a26200558e8f23

      SHA1

      056fadbc5cbc20f37723a85a468e1b5a5ab6eeab

      SHA256

      9323e21d8a0e6ca5bbe89bb13c7c652c75483e82cb1b2abad38606a30d02326e

      SHA512

      c1d37adcd913cd5b9230c7b0509354d6494b12eaf6aa02e75098a5d14381933fc934cf387ccb416bba917d2bc89f56b6b5f80256df95eef042cc4f44ddad2b9e