6c2e4c5e15176147ab9580ad7f7776b7445e495da651e0aba4e7e4b666b6e6be | Triage

Analysis

max time kernel
0s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
16-08-2024 16:31

Sharing

Report Analysis Logs

General

Target

SyncPro/Script_Run.bat
Size

9KB
MD5

9ee43dc875537f3eac800220e28705b5
SHA1

3b0b5e044994fb0928c094061915b16e2ec9d47d
SHA256

1455fb24a155ed1306966bfb0012a1d8e7467b8b8a5654f1de74162387fedc8e
SHA512

8665274dd307ba7360a7a3d48232b031eac75c705df314722defb04e33430a2f89c660a4dde03a252bb6fd159128f3c8637d425042805bc1b3ce300ece0a01f4
SSDEEP

192:CGBGw1M4Yz/2fSKzRrU7Hq1LYz/2fSKzRrU7HEd:tBGw3+uR+y

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 652 wrote to memory of 3996	652	cmd.exe	81
PID 652 wrote to memory of 3996	652	cmd.exe	81

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\SyncPro\Script_Run.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:652
- C:\Windows\system32\choice.exe
  choice /C:yas /N
  2⤵
  PID:3996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads