b31e49a3a4f4d405774a36753be099503aec1ab14fbcba5bb885b5d31e9f8216

Analysis

max time kernel
719s
max time network
726s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 01:00

Target

Controller.bat
Size

772B
MD5

30a5dda500ce3c599c32068661a88fed
SHA1

76bfb4a510c537d64f07cfb75842aeddfa32f05a
SHA256

b31e49a3a4f4d405774a36753be099503aec1ab14fbcba5bb885b5d31e9f8216
SHA512

87396fe08b20e4ef6eb2076c8c22584c7a5775a884ffe4d789dbb0264cc4a1806ae78216ebc1c825849c8248c6bad983db29b538575b536ccb9bb0dbdd8b3c12

Score

1^/10

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 296 wrote to memory of 1956	296	cmd.exe	29
PID 296 wrote to memory of 1956	296	cmd.exe	29
PID 296 wrote to memory of 1956	296	cmd.exe	29
PID 296 wrote to memory of 1276	296	cmd.exe	30
PID 296 wrote to memory of 1276	296	cmd.exe	30
PID 296 wrote to memory of 1276	296	cmd.exe	30
PID 296 wrote to memory of 2176	296	cmd.exe	31
PID 296 wrote to memory of 2176	296	cmd.exe	31
PID 296 wrote to memory of 2176	296	cmd.exe	31
PID 296 wrote to memory of 1848	296	cmd.exe	32
PID 296 wrote to memory of 1848	296	cmd.exe	32
PID 296 wrote to memory of 1848	296	cmd.exe	32
PID 296 wrote to memory of 1536	296	cmd.exe	33
PID 296 wrote to memory of 1536	296	cmd.exe	33
PID 296 wrote to memory of 1536	296	cmd.exe	33
PID 296 wrote to memory of 2284	296	cmd.exe	34
PID 296 wrote to memory of 2284	296	cmd.exe	34
PID 296 wrote to memory of 2284	296	cmd.exe	34

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Controller.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:296
- C:\Windows\system32\reg.exe
  REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" /F /V "HwSchMode" /T REG_DWORD /d "2"
  2⤵
  PID:1956
- C:\Windows\system32\reg.exe
  REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ\Parameters" /F /V "TCPNoDelay" /T REG_DWORD /d "1"
  2⤵
  PID:1276
- C:\Windows\system32\reg.exe
  REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl" /F /V "Win32PrioritySeparation" /T REG_DWORD /d "40"
  2⤵
  PID:2176
- C:\Windows\system32\reg.exe
  REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MMCSS" /F /V "Start" /T REG_DWORD /d
  2⤵
  PID:1848
- C:\Windows\system32\reg.exe
  reg.exe add "HKLM\SYSTEM\CurrentControlSet\Enum\%a\Device Parameters" /v SelectiveSuspendOn /t REG_DWORD /d 00000000 /f
  2⤵
  PID:1536
- C:\Windows\system32\reg.exe
  reg.exe add "HKLM\SYSTEM\CurrentControlSet\Enum\%a\Device Parameters" /v SelectiveSuspendEnabled /t REG_BINARY /d 00 /f
  2⤵
  PID:2284