45871378c7a91318dfda953a8b4efbdb0e0d150a4f92c612f711aeb762e7c031

Analysis

max time kernel
67s
max time network
70s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22-08-2024 19:09

Target

installpy3.8.bat
Size

47KB
MD5

18e17774097ec626ff846c22cd9840f9
SHA1

691856af491bc2a8e7399409e606f0f78730341b
SHA256

3653d2ad5e2d98f12ad4ea90c547d648d98f34da3b4936442b0dbc90f22b83c3
SHA512

881c2beaae0d16cff068b5c891041538c58be1a6d3fa5c6a35dede9579ea072f248942fb690ff3b8590bf3a392f28047226148e0a59fa99bf4d253511fa74a42
SSDEEP

768:y3/HEkYRHeLhcgbgm3vjM0kLicUyL6dylQLM+w48IL32eCpP71fAN4ylXV1ZCG2I:Gsuvg0QTXyAPKah7y8c0vJuQP1CJTqT8

Score

1^/10

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3372 wrote to memory of 3368	3372	cmd.exe	85
PID 3372 wrote to memory of 3368	3372	cmd.exe	85

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\installpy3.8.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3372
- C:\Windows\system32\print.exe
  print ('Hello, World!')
  2⤵
  PID:3368