a481ab7c71f123180715c90f403f999689996c9bd875a3c4bc7c1ebab629e823 | Triage

Analysis

max time kernel
35s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 17:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

shutdownorno.bat
Size

650B
MD5

e7ae988d0fae91cc4d2eda5de8c728d4
SHA1

b0fa0b6dd786a7af89281743c4679a06dd0a4040
SHA256

a481ab7c71f123180715c90f403f999689996c9bd875a3c4bc7c1ebab629e823
SHA512

a3c4153ae33fc74e26ba53eadb63ce1bbc3e8f3d162e7161c58e50a596243afb3139aa430f9ff9732f3be2e88167b6c4e78210256e5447454879e082a57081bc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 4328	1028	cmd.exe	85
PID 1028 wrote to memory of 4328	1028	cmd.exe	85
PID 1028 wrote to memory of 5012	1028	cmd.exe	90
PID 1028 wrote to memory of 5012	1028	cmd.exe	90

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\shutdownorno.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Windows\system32\curl.exe
  curl -s https://windowsutility.neocities.org/start.txt -o C:\Users\Admin\AppData\Local\Temp\webfile.txt
  2⤵
  PID:4328
- C:\Windows\system32\findstr.exe
  findstr /i /c:"start" C:\Users\Admin\AppData\Local\Temp\webfile.txt
  2⤵
  PID:5012

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\webfile.txt

Filesize
5B

MD5
ea2b2676c28c0db26d39331a336c6b92

SHA1
2b020927d3c6eb407223a1baa3d6ce3597a3f88d

SHA256
cced28c6dc3f99c2396a5eaad732bf6b28142335892b1cd0e6af6cdb53f5ccfa

SHA512
cd3ca530caee1aabac0ebbd2ea45c568bdd1442da5724d22ad5c51461fccb3f304806658486c0790053683cf875a5ebb62514404008aeccce9bcc3f7bf5adee8

Download Submit