0f0ea7adf074b43a2fe4778d368319a6806adf1c176ec91c72ad0375f5a22787

Analysis

max time kernel
1377s
max time network
1166s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
17/08/2024, 02:51

Target

pcnuker.bat
Size

78B
MD5

674e40aead58d88130572652d6082d7a
SHA1

a837131cf0383762e7a634dcdce27a972b90c9e6
SHA256

0f0ea7adf074b43a2fe4778d368319a6806adf1c176ec91c72ad0375f5a22787
SHA512

609ca5f2678c2e12a504f5cdba3b565a72759dc143965accbdd2b00f1dbee9bba924407d3b9d09f6ba789dcf438edf7cf853ecd3989fefd6a6ca9c10798e42bf

Score

1^/10

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3484 wrote to memory of 2312	3484	cmd.exe	83
PID 3484 wrote to memory of 2312	3484	cmd.exe	83
PID 3484 wrote to memory of 4536	3484	cmd.exe	85
PID 3484 wrote to memory of 4536	3484	cmd.exe	85
PID 3484 wrote to memory of 132	3484	cmd.exe	86
PID 3484 wrote to memory of 132	3484	cmd.exe	86
PID 3484 wrote to memory of 3848	3484	cmd.exe	88
PID 3484 wrote to memory of 3848	3484	cmd.exe	88
PID 3484 wrote to memory of 800	3484	cmd.exe	89
PID 3484 wrote to memory of 800	3484	cmd.exe	89
PID 3484 wrote to memory of 5060	3484	cmd.exe	91
PID 3484 wrote to memory of 5060	3484	cmd.exe	91
PID 3484 wrote to memory of 4972	3484	cmd.exe	92
PID 3484 wrote to memory of 4972	3484	cmd.exe	92
PID 3484 wrote to memory of 2324	3484	cmd.exe	93
PID 3484 wrote to memory of 2324	3484	cmd.exe	93

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\pcnuker.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3484
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:2312
- C:\Windows\system32\notepad.exe
  notepad
  2⤵
  PID:4536
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:132
- C:\Windows\system32\notepad.exe
  notepad
  2⤵
  PID:3848
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:800
- C:\Windows\system32\notepad.exe
  notepad
  2⤵
  PID:5060
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4972
- C:\Windows\system32\notepad.exe
  notepad
  2⤵
  PID:2324