6c2e4c5e15176147ab9580ad7f7776b7445e495da651e0aba4e7e4b666b6e6be | Triage

Analysis

max time kernel
100s
max time network
142s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
16-08-2024 16:31

Sharing

Report Analysis Logs

General

Target

SyncPro/syncpro.bat
Size

13KB
MD5

64a4e8420c1033b23ed46ea15c6f7883
SHA1

f9217fc0d431454bf7a3a5985872d89832fce72c
SHA256

42d29535c8e44c5f88f8614524ab19f1d771320fb7105c6a7c0f02e65f9aaca7
SHA512

07b2b4b5c659577313e9f83ca329a15937c5327cd732ab178920bc1398100448d8905a756c57388385accd226aa5890e56eaf6bcbc1701088e5828b24f1b7aa9
SSDEEP

192:WTLtYH4fEmEdN40/IveIThAI8H6dDeOUczJUmcCTJfN:WTLtbsb/IvZAI8H6dDed7mcCTJ1

Score

1^/10

Malware Config

Signatures

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	cmd.exe

Runs net.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4556	OpenWith.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3940 wrote to memory of 1528	3940	cmd.exe	83
PID 3940 wrote to memory of 1528	3940	cmd.exe	83
PID 1528 wrote to memory of 1096	1528	net.exe	84
PID 1528 wrote to memory of 1096	1528	net.exe	84

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\SyncPro\syncpro.bat"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3940
- C:\Windows\system32\net.exe
  net session
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1528
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 session
    3⤵
    PID:1096

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads