2a05b5103cf0c5759403edb21e3c6cf482d9b8ef6b1c25f1b0ec7b968b9291a5

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2024, 07:03

Target

Cooked v5.bat
Size

42KB
MD5

e59fba8986ffa176085459075e0faef9
SHA1

4b713522eeea6e357c524f9f512b4e2a81839413
SHA256

2a05b5103cf0c5759403edb21e3c6cf482d9b8ef6b1c25f1b0ec7b968b9291a5
SHA512

69cc8c66d972347f71ccde30b30ec3e4e9db731f04d5d82411170ee8f7b755d0da2078b84d5d76204acf3503b91b7e202c2fa16c4ad62a51e62ab0509fd5acdd
SSDEEP

768:bT1I0/5XyAQDIyQFdQyhA//7ViIIYgEB6dUt00WuWHjY3N7PWQ4woq6wvqthi6QA:bT1I0/5XyAQDIyQFdQyhA//piIIYgEBM

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3348 wrote to memory of 3956	3348	cmd.exe	84
PID 3348 wrote to memory of 3956	3348	cmd.exe	84

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Cooked v5.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3348
- C:\Windows\system32\chcp.com
  chcp 65001
  2⤵
  PID:3956

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact