c455684fcd8352464dcc29f0f46b1637f66475a6358aeac7c755edc559783cee

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02-09-2024 15:45

Target

YSticky-20210604/win.bat
Size

183B
MD5

1a8fbbe52bc57c0855bf81d92550254e
SHA1

e2b69acd2cdea6b17f6d432e4aabe775a34b8916
SHA256

599a40bbf9c36363882d0516370bf91d5cd22a3a9a64b250ee8b20d0dfafcd75
SHA512

640596b71d08e8bf0f995350a27c9bcccd59e440b99714633378cbabeeb404bec94fa36371542dfdc78c422d6818f28c59ab907dbbb85c6ef1871ad59b53259e

Score

1^/10

Suspicious use of SetWindowsHookEx 4 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 2784	2136	cmd.exe	32
PID 2136 wrote to memory of 2784	2136	cmd.exe	32
PID 2136 wrote to memory of 2784	2136	cmd.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\YSticky-20210604\win.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Windows\system32\java.exe
  java.exe -jar ysticky.jar
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2784

memory/2784-2-0x00000000024B0000-0x0000000002720000-memory.dmp

Filesize
2.4MB

Download
memory/2784-14-0x00000000002D0000-0x00000000002DA000-memory.dmp

Filesize
40KB

Download
memory/2784-15-0x00000000002D0000-0x00000000002DA000-memory.dmp

Filesize
40KB

Download
memory/2784-17-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2784-18-0x00000000024B0000-0x0000000002720000-memory.dmp

Filesize
2.4MB

Download
memory/2784-19-0x00000000002D0000-0x00000000002DA000-memory.dmp

Filesize
40KB

Download