84d82262b0e37ba0c02e894487e1729d98cbd3f5eab98306079c0ad54a4cb99c

Analysis

max time kernel
13s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 01:59

Target

翎动工作室万能批处理工具V2.0版.bat
Size

218KB
MD5

4e87ab236478dedf6fd3af829472cad7
SHA1

a47c0e44414faf58485cb9ccdbd8c837809410f7
SHA256

1eea51bfa476dcbbd416249d7c11c28d863c5476d9df8df3af39fb2eb061d8aa
SHA512

194d740375d3851e94781db105ea90d100480a6a7bfafc1478c50df4af696afa02ed0ec67d90c1f9ad2d95d1807edd50533ef251d917fc68d21cbb10a8e39c57
SSDEEP

1536:bjCjh1jERijA5MTwg/j8OZX5uXiJ8ESUS66EEXiAZp1jJhfj8JjMJjlVj5EjWyjT:/OKAjaYuCSUSgS1g2DD9grmMMgMHjE

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2736	2924	cmd.exe	30
PID 2924 wrote to memory of 2736	2924	cmd.exe	30
PID 2924 wrote to memory of 2736	2924	cmd.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\翎动工作室万能批处理工具V2.0版.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\system32\mode.com
  mode con cols=80 lines=32
  2⤵
  PID:2736