419c51d8608fe5b1c3fa9c033f82433c9838bed880c5316c8d81e753436fe994

Analysis

max time kernel
140s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 23:54

Target

Windows-Activator-main/Windows-Activator.bat
Size

16KB
MD5

6c4a49f9d6cc22f3d177140477d22c0e
SHA1

bbfd0c0603a23f9e8dfecbcbdcd5cf7db3473c92
SHA256

408262209ea1b70bc6b65a2c01caa7a06f2ab72191189b9e3cb3f256129474ab
SHA512

cfcc50da5ba0651299cb45163f920e5c503d4afd399998c9f6c93b583cca55f85a40633b93a037e00f732fd342b286e33d1be4a707cb56130043373107735682
SSDEEP

384:WlWMFEhZDW4KpO42db+xHo/1C7RcI3CwXgOHIb:eFEhpoZHo/1C7Rt3CwXgOHg

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 2248	1572	cmd.exe	85
PID 1572 wrote to memory of 2248	1572	cmd.exe	85
PID 1572 wrote to memory of 4304	1572	cmd.exe	86
PID 1572 wrote to memory of 4304	1572	cmd.exe	86
PID 1572 wrote to memory of 5052	1572	cmd.exe	87
PID 1572 wrote to memory of 5052	1572	cmd.exe	87

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Windows-Activator-main\Windows-Activator.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1572
- C:\Windows\system32\fltMC.exe
  fltmc
  2⤵
  PID:2248
- C:\Windows\system32\mode.com
  mode con cols=60 lines=25
  2⤵
  PID:4304
- C:\Windows\system32\choice.exe
  choice /C:12345 /N /M "YOUR CHOICE : "
  2⤵
  PID:5052