455a31e3e5847bc5cf198d1bd527885a7998b3887c44bba24fbc2c898d2d41a4 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 10:11

Sharing

Report Analysis Logs

General

Target

BACKUPME.bat
Size

48B
MD5

4bb749ccd5b39170b7958733fec0bfeb
SHA1

215bc0ab891ce4040a66d52fddb45c990b571574
SHA256

736096e90dffd4530157927ea107b004aefe9861fac8fec42480d6437ee80860
SHA512

b7d09681be055994c6f3e8f579684890c390a453e1ef6f10c4f4f776779a6c0a96f633a1a2395a31bffedf569b0292c59bb283f22cdec7d4f5fdc94df1a3bb82

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 2808	2740	cmd.exe	32
PID 2740 wrote to memory of 2808	2740	cmd.exe	32
PID 2740 wrote to memory of 2808	2740	cmd.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\BACKUPME.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Windows\system32\xcopy.exe
  xcopy . c:\backup\DOCUMENT\PROJECT\VB\Seiya /s
  2⤵
  PID:2808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads