5e0463309ea9704fb0824738e8cc8a7f42f87f23d0b1595197f45de496734e16 | Triage

Resubmissions

19/08/2024, 09:31

240819-lhfb2swfke 1

19/08/2024, 09:31

240819-lg6gvazcnn 1

19/08/2024, 09:30

240819-lgpjbszcln 1

19/08/2024, 09:29

240819-lf94mswemc 1

Analysis

max time kernel
35s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 09:30

Sharing

Report Analysis Logs

General

Target

kein virus.bat
Size

440B
MD5

deb4afb5b16df904036b59b8415cd727
SHA1

4268f7ad4364d30358c774a05444fc61e756c6f4
SHA256

5e0463309ea9704fb0824738e8cc8a7f42f87f23d0b1595197f45de496734e16
SHA512

ca4237e39f515c3d9fe024aea6118cadab0d6beb559ae778fbe7f989e027429df94963f546b0c1671b56789b2368381a82a9a378595752a91bd0fa0f402954b9

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 1 IoCs

pid	Process
2448	timeout.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3824 wrote to memory of 2448	3824	cmd.exe	94
PID 3824 wrote to memory of 2448	3824	cmd.exe	94

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\kein virus.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3824
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:2448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads