Analysis Overview
SHA256
1af658a603f6a6457ffdc78ce3ad2a06d2c652d6b163983cc2e37608367265b7
Threat Level: Likely malicious
The file INSTALL_Mangio-RVC-v23.7.0_INFER_TRAIN.bat was found to be: Likely malicious.
Malicious Activity Summary
Download via BitsAdmin
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-02 19:39
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-02 19:39
Reported
2024-08-02 19:40
Platform
win7-20240705-en
Max time kernel
16s
Max time network
17s
Signatures
Download via BitsAdmin
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bitsadmin.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2144 wrote to memory of 2396 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\bitsadmin.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\INSTALL_Mangio-RVC-v23.7.0_INFER_TRAIN.bat"
C:\Windows\system32\bitsadmin.exe
bitsadmin /transfer "infertraindwnl" /download /priority FOREGROUND "https://huggingface.co/MangioRVC/Mangio-RVC-Huggingface/resolve/main/Mangio-RVC-v23.7.0_INFER_TRAIN.7z" "C:\Users\Admin\AppData\Local\Temp\Mangio-RVC-v23.7.0_INFER_TRAIN.7z"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | huggingface.co | udp |
| US | 3.165.148.114:443 | huggingface.co | tcp |
| US | 3.165.148.114:443 | huggingface.co | tcp |