0cc5c14fcdfc8dee4b46cbd5afbcf5e605697629803503f9d7dc939de7b2698c

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 12:18

Target

StixFreeTweakingUtilityV1.3.bat
Size

230KB
MD5

a0f328140169cde3fd33babe453d325b
SHA1

b388e147533825472ce84bf279f91624a0580342
SHA256

0cc5c14fcdfc8dee4b46cbd5afbcf5e605697629803503f9d7dc939de7b2698c
SHA512

3b9b96415458eb7b8f291fba2c060d5e1c955e0a91fabc72c9ceca1d9169846a8c17e20f134ecfd6e3f1059de91e32bbaaa9e1fe60d708368458f4b110d1a540
SSDEEP

768:TaXHr6zKBWQq+jAcTtGiZQVr6r6Pk6PUXfCV1nFLPqoCo+0CQxwyUh1ZIa1WsOKQ:TauzzQHdCbFB+uxwRO

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 2308	1292	cmd.exe	31
PID 1292 wrote to memory of 2308	1292	cmd.exe	31
PID 1292 wrote to memory of 2308	1292	cmd.exe	31
PID 1292 wrote to memory of 2884	1292	cmd.exe	32
PID 1292 wrote to memory of 2884	1292	cmd.exe	32
PID 1292 wrote to memory of 2884	1292	cmd.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\StixFreeTweakingUtilityV1.3.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Windows\system32\chcp.com
  chcp 65001
  2⤵
  PID:2308
- C:\Windows\system32\fltMC.exe
  fltmc
  2⤵
  PID:2884