0e2a3cf307da699e1cab9e10053c286c4138f60d46f59c1d8ce50c2dd3f76087 | Triage

Analysis

max time kernel
17s
max time network
18s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/07/2024, 21:46

Sharing

Report Analysis Logs

General

Target

Extreme_V3.bat
Size

284KB
MD5

ee3ffcff4302fe8aec21652c30b72e01
SHA1

d9d7d6d9b549a2bf79b47a09bcffc678e1338c9e
SHA256

0e2a3cf307da699e1cab9e10053c286c4138f60d46f59c1d8ce50c2dd3f76087
SHA512

435f4739fab0f44a9b6c2a36b6919b7bc8baf72625caeb73653f47fa387ddea9c7d5adaa2dce9571152c563cec17eaff3ae9ec9635e78905167a90ba76ef588a
SSDEEP

1536:gjgQDYzxJBW82PopHDat0cNL/GhByWVearnQ49Xg:UgQDYs8HVWqVrnQ4Rg

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 1708	2572	cmd.exe	31
PID 2572 wrote to memory of 1708	2572	cmd.exe	31
PID 2572 wrote to memory of 1708	2572	cmd.exe	31
PID 2572 wrote to memory of 1880	2572	cmd.exe	32
PID 2572 wrote to memory of 1880	2572	cmd.exe	32
PID 2572 wrote to memory of 1880	2572	cmd.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Extreme_V3.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Windows\system32\chcp.com
  chcp 65001
  2⤵
  PID:1708
- C:\Windows\system32\mode.com
  mode 720,400
  2⤵
  PID:1880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads