1b7e2af89241451834cdf0c832c16057eac3d38a1517f74f33846761c0795028 | Triage

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 10:01

Sharing

Report Analysis Logs

General

Target

Stealer.bat
Size

227B
MD5

eef5f9951b146ad94373283384a56a05
SHA1

0224d42a94ff495ca84728cdb87316dbcdbe8f23
SHA256

1b7e2af89241451834cdf0c832c16057eac3d38a1517f74f33846761c0795028
SHA512

ff3a690fc5c7ce036e0c3036b6b11db8635b2401be780d0de35102eec3af12227fd74bfd48de9afd1b9a3e4c7d6f3b6dfe8d11f61e27428f5f7fd565c26d3ebc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3316 wrote to memory of 3344	3316	cmd.exe	84
PID 3316 wrote to memory of 3344	3316	cmd.exe	84

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Stealer.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3316
- C:\Windows\system32\findstr.exe
  findstr /C:"RUN_NPM_UPDATE" "C:\Users\Admin\AppData\Local\Temp\\STATUS.txt"
  2⤵
  PID:3344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads