d476e788f017f776e8dcd8dc585a51a21f72a0a28a4e752ec0dbeee12795ed12 | Triage

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
02-09-2024 11:52

Sharing

Report Analysis Logs

General

Target

NoSystem/Run.bat
Size

81B
MD5

a57b7bfff7ac115691a2a43b52dc3b5e
SHA1

94382a3a2af0e8ac2e2a413aeace5e61620e543a
SHA256

ceeb06b1f9b5087465abb7c1b904c8a7160a868bc0d9fd0115e261daebd7da82
SHA512

b2320cbfbeffcfce43a905874e7454264bd8e7603e7e5bbf8c8abbfd89690beff708dcf4b6b277e0df05ffc6771bc229260af019eeb9d653e71905dcf4fd1d08

Score

1^/10

Malware Config

Signatures

Runs net.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 2272	948	cmd.exe	30
PID 948 wrote to memory of 2272	948	cmd.exe	30
PID 948 wrote to memory of 2272	948	cmd.exe	30
PID 2272 wrote to memory of 2732	2272	net.exe	31
PID 2272 wrote to memory of 2732	2272	net.exe	31
PID 2272 wrote to memory of 2732	2272	net.exe	31

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\NoSystem\Run.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\system32\net.exe
  Net session
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2272
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 session
    3⤵
    PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads