47961c394d3b03bd1670e702b2ac59071dc54535657c82772e08e0a2d767b7c4

Analysis

max time kernel
391s
max time network
1119s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
10/08/2024, 13:31

Target

mineways/scripting/mineways_annotate_map.bat
Size

1KB
MD5

e02f2911bd61ddeba21caa2ec8f83b61
SHA1

7c2352bc071a6a3bcc666777a1326a0c4a87965f
SHA256

505b5ff8684057a2cbad96448a81f82124e0385343ca95912bc9b89af6b935a3
SHA512

b363f7968a3d3b2435fee7bcde894ebb41d8257fc8748243197a135800982c924611e2be382cc087b5d64bf76d37d936138148aff8db87a497f11550067705ba

Score

1^/10

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 1576	2836	cmd.exe	83
PID 2836 wrote to memory of 1576	2836	cmd.exe	83
PID 2836 wrote to memory of 2768	2836	cmd.exe	84
PID 2836 wrote to memory of 2768	2836	cmd.exe	84
PID 2836 wrote to memory of 2768	2836	cmd.exe	84

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\mineways\scripting\mineways_annotate_map.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Users\Admin\AppData\Local\Temp\mineways\Mineways.exe
  ..\Mineways.exe -m load_world.mwscript export_map.mwscript close.mwscript
  2⤵
  PID:1576
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python annotate_map.py my_world_map.png -1024 -512 my_annotated_map.png
  2⤵
  PID:2768