59af63a2492f69fde69c4cbe15622e422c9d46b517e08a363aa37f0a15e2bf0f | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
04-09-2024 06:36

Sharing

Report Analysis Logs

General

Target

install-Tria-S.O.2.7.3-Win7_WinServer2008_R2_and_newers.bat
Size

1KB
MD5

ad3cb27366ebf30476d1be13cfb5d4d1
SHA1

5f4878822be96e3e85809c1b14ecc9573b8ec6d1
SHA256

ae77da3087cdbf5815ce95efa8e4c8d25ee0d1867f8730931b226be517b9e513
SHA512

4905794d54991b8c5eff569d7ef15de7c863e78ef03717e2c695add14f76ca9f2f2da31af130bfaf7947d16345741cb8994fbf9559bcbc0bd945cf61ba0ce773

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	Process	procid_target
PID 3020 wrote to memory of 2636	3020	cmd.exe	32
PID 3020 wrote to memory of 2636	3020	cmd.exe	32
PID 3020 wrote to memory of 2636	3020	cmd.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\install-Tria-S.O.2.7.3-Win7_WinServer2008_R2_and_newers.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Windows\system32\xcopy.exe
  xcopy /Q /Y unetbootin-windows-702.exe "C:\Users\Admin"\
  2⤵
  PID:2636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads