b16048a37c4e5e7cbe23a02ae21ac8140cbbb7575edfcd7de23b11664b9a507d

Analysis

max time kernel
100s
max time network
202s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
07/08/2024, 11:05

Target

release/run.bat
Size

10KB
MD5

8939639a847e160b2d3572be50533abc
SHA1

611cc2606a159fa7bd96b2a1eddd9dade4fed729
SHA256

6fdd1e8b0effaf4dcc91556eb8dd0408b487b9a5e53388d5cea3c766f2e1a8e0
SHA512

90c682377f460873854f57ee8cecb40d236a02a90e4523753a96968dfda2eb889ccfe422274ed4a8daa1555c205d66be14936c16abb4399ef7c1859d9928fb10
SSDEEP

96:cT8T9OB3dwnXnLcKrgsH0EB+yddAAalXlH45WdLBkUzCviv:cw2Wn3wigbEw0ilXlSuVkUGE

Score

1^/10

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 3044	3452	cmd.exe	79
PID 3452 wrote to memory of 3044	3452	cmd.exe	79
PID 3452 wrote to memory of 4632	3452	cmd.exe	80
PID 3452 wrote to memory of 4632	3452	cmd.exe	80
PID 3452 wrote to memory of 1396	3452	cmd.exe	81
PID 3452 wrote to memory of 1396	3452	cmd.exe	81
PID 3452 wrote to memory of 860	3452	cmd.exe	82
PID 3452 wrote to memory of 860	3452	cmd.exe	82
PID 3452 wrote to memory of 3868	3452	cmd.exe	83
PID 3452 wrote to memory of 3868	3452	cmd.exe	83

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\release\run.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ver
  2⤵
  PID:3044
- C:\Windows\System32\reg.exe
  reg query "HKCU\Console" /v ForceV2
  2⤵
  PID:4632
- C:\Windows\System32\find.exe
  find /i "0x0"
  2⤵
  PID:1396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" echo "C:\Users\Admin\AppData\Local\Temp\release\run.bat" "
  2⤵
  PID:860
- C:\Windows\System32\find.exe
  find /i "C:\Users\Admin\AppData\Local\Temp"
  2⤵
  PID:3868