be662bcf89e5ddbe67ece244de7f5b8bba2fa0893c688c10c8e24a4791b1014c

Analysis

max time kernel
150s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 08:06

Target

pcfucker.bat
Size

2KB
MD5

79da59db8b429a31872d7fdb86ce3a29
SHA1

1d001190d6bdec30a61d904af25f8320443a1480
SHA256

be662bcf89e5ddbe67ece244de7f5b8bba2fa0893c688c10c8e24a4791b1014c
SHA512

00481a5110a006f78a26f4d8eaebebd50aee528a7af908e6dee4153d6a3b529b6456ba05f39c2409335ed1ab40785b59a93fcef825c981d7d19ce51341cbd2b1

Score

1^/10

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 4996	2152	cmd.exe	85
PID 2152 wrote to memory of 4996	2152	cmd.exe	85
PID 4996 wrote to memory of 4984	4996	net.exe	86
PID 4996 wrote to memory of 4984	4996	net.exe	86
PID 2152 wrote to memory of 4876	2152	cmd.exe	87
PID 2152 wrote to memory of 4876	2152	cmd.exe	87
PID 4876 wrote to memory of 3020	4876	net.exe	88
PID 4876 wrote to memory of 3020	4876	net.exe	88
PID 2152 wrote to memory of 3244	2152	cmd.exe	89
PID 2152 wrote to memory of 3244	2152	cmd.exe	89
PID 3244 wrote to memory of 4272	3244	net.exe	90
PID 3244 wrote to memory of 4272	3244	net.exe	90
PID 2152 wrote to memory of 3608	2152	cmd.exe	91
PID 2152 wrote to memory of 3608	2152	cmd.exe	91
PID 3608 wrote to memory of 3632	3608	net.exe	92
PID 3608 wrote to memory of 3632	3608	net.exe	92
PID 2152 wrote to memory of 1844	2152	cmd.exe	93
PID 2152 wrote to memory of 1844	2152	cmd.exe	93
PID 1844 wrote to memory of 3672	1844	net.exe	94
PID 1844 wrote to memory of 3672	1844	net.exe	94

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\pcfucker.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Windows\system32\net.exe
  net user HackedByGale 1234 /add
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4996
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 user HackedByGale 1234 /add
    3⤵
    PID:4984
- C:\Windows\system32\net.exe
  net user GeoMappersOnTop 1234 /add
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4876
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 user GeoMappersOnTop 1234 /add
    3⤵
    PID:3020
- C:\Windows\system32\net.exe
  net user LizzardzOnTop 1234 /add
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3244
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 user LizzardzOnTop 1234 /add
    3⤵
    PID:4272
- C:\Windows\system32\net.exe
  net user LMFAO 1234 /add
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3608
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 user LMFAO 1234 /add
    3⤵
    PID:3632
- C:\Windows\system32\net.exe
  net user XDDD 1234 /add
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1844
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 user XDDD 1234 /add
    3⤵
    PID:3672

C:\Users\Admin\AppData\Local\Temp\1727213722HACKED.txt

Filesize
13B

MD5
2ceb9090178ce0c04ace60d6c203a317

SHA1
fcee01b4bc1d3de09cca87abd2c89ce4357ac7d1

SHA256
135f786236f1d20c3a5e5b1d61723910f067281231e023b71f6fd9898e8300c0

SHA512
cef192fe519c1d54bcbac48a2d148063b6b5140095aff4ed8d69df8d1645948372232568572fab711a9138986c1210dbdcbb86761ec25c0f09f6683c913c057f

Download Submit