199879ac19872d6b0ff820d8f502062f0efea37867b937dc04580cf170b8228d

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16-07-2024 06:54

Target

JIGUtility_V2.0.8.0_20230112/ASUSR_ParsingRecord/ASUSR_ParsingRecord/ASUSFLS.cmd
Size

567B
MD5

490c7401bc7a4acdbc9bf3cf524a1ba0
SHA1

3606d3d7864223e7a8a1db2b7e192594f59353b2
SHA256

51d734361b2474d9077bcf863415b9d44365f18b6ad27c5f219ea12e99c197ce
SHA512

c6ded98733b9f6a04de1cd800b9ec478aa8da24d856b90217bc7aefcea12dfa541e41aac7d2dac018ebc8a618c3e2f35fa94b862686f93d3b8cee5d14c328989

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 544 wrote to memory of 852	544	cmd.exe	87
PID 544 wrote to memory of 852	544	cmd.exe	87
PID 544 wrote to memory of 852	544	cmd.exe	87

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\ASUSFLS.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:544
- C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\ASUSR_ParsingRecord.exe
  .\ASUSR_ParsingRecord.exe /flash /SERIAL_NO /ISN_NO /JB_TEST_TYPE /JB_TEST_START_TIME /JB_HW_VERSION /JB_FW_VERSION /JB_BIOS_UPDATE_TIME /JB_UTILITY_AP_VERSION /JB_BIOS_UPDATE_VERSION /JB_BIOS_UPDATE_RESULT /filename -a
  2⤵
  PID:852