4f18502b6ca846e63158f410d48b5e17c23e82a4b4215cbef0d9790d29ebdbe5

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Lifenz Tweaks v2.3.bat
Size

79KB
MD5

c410192a848f49befb5eadce93c721d8
SHA1

ae716ed832e822d646503bafb81816634fcfc8ad
SHA256

4f18502b6ca846e63158f410d48b5e17c23e82a4b4215cbef0d9790d29ebdbe5
SHA512

c28fcff463566f16712dee6db6a4dca2e989b3883fc835c71fedf0a7db181ff60b0f25dd0c84779882a5ce5b3c3d74f4736437de9c38d4e7b738f02fdc3ee3b0
SSDEEP

768:Z9xLd2QLQpbf4ALi8nYMiEpIwuzd7Q/cJSirt:1x50pbfJcMiECx

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 2704	1448	cmd.exe	31
PID 1448 wrote to memory of 2704	1448	cmd.exe	31
PID 1448 wrote to memory of 2704	1448	cmd.exe	31
PID 1448 wrote to memory of 2752	1448	cmd.exe	32
PID 1448 wrote to memory of 2752	1448	cmd.exe	32
PID 1448 wrote to memory of 2752	1448	cmd.exe	32
PID 1448 wrote to memory of 2776	1448	cmd.exe	33
PID 1448 wrote to memory of 2776	1448	cmd.exe	33
PID 1448 wrote to memory of 2776	1448	cmd.exe	33
PID 1448 wrote to memory of 2780	1448	cmd.exe	34
PID 1448 wrote to memory of 2780	1448	cmd.exe	34
PID 1448 wrote to memory of 2780	1448	cmd.exe	34
PID 1448 wrote to memory of 2756	1448	cmd.exe	35
PID 1448 wrote to memory of 2756	1448	cmd.exe	35
PID 1448 wrote to memory of 2756	1448	cmd.exe	35
PID 1448 wrote to memory of 2680	1448	cmd.exe	36
PID 1448 wrote to memory of 2680	1448	cmd.exe	36
PID 1448 wrote to memory of 2680	1448	cmd.exe	36
PID 1448 wrote to memory of 2856	1448	cmd.exe	37
PID 1448 wrote to memory of 2856	1448	cmd.exe	37
PID 1448 wrote to memory of 2856	1448	cmd.exe	37
PID 1448 wrote to memory of 2392	1448	cmd.exe	38
PID 1448 wrote to memory of 2392	1448	cmd.exe	38
PID 1448 wrote to memory of 2392	1448	cmd.exe	38
PID 1448 wrote to memory of 2944	1448	cmd.exe	39
PID 1448 wrote to memory of 2944	1448	cmd.exe	39
PID 1448 wrote to memory of 2944	1448	cmd.exe	39
PID 1448 wrote to memory of 896	1448	cmd.exe	40
PID 1448 wrote to memory of 896	1448	cmd.exe	40
PID 1448 wrote to memory of 896	1448	cmd.exe	40
PID 1448 wrote to memory of 2920	1448	cmd.exe	41
PID 1448 wrote to memory of 2920	1448	cmd.exe	41
PID 1448 wrote to memory of 2920	1448	cmd.exe	41
PID 1448 wrote to memory of 2116	1448	cmd.exe	42
PID 1448 wrote to memory of 2116	1448	cmd.exe	42
PID 1448 wrote to memory of 2116	1448	cmd.exe	42
PID 1448 wrote to memory of 2724	1448	cmd.exe	43
PID 1448 wrote to memory of 2724	1448	cmd.exe	43
PID 1448 wrote to memory of 2724	1448	cmd.exe	43
PID 1448 wrote to memory of 2844	1448	cmd.exe	44
PID 1448 wrote to memory of 2844	1448	cmd.exe	44
PID 1448 wrote to memory of 2844	1448	cmd.exe	44
PID 1448 wrote to memory of 2556	1448	cmd.exe	45
PID 1448 wrote to memory of 2556	1448	cmd.exe	45
PID 1448 wrote to memory of 2556	1448	cmd.exe	45
PID 1448 wrote to memory of 2572	1448	cmd.exe	46
PID 1448 wrote to memory of 2572	1448	cmd.exe	46
PID 1448 wrote to memory of 2572	1448	cmd.exe	46
PID 1448 wrote to memory of 2616	1448	cmd.exe	47
PID 1448 wrote to memory of 2616	1448	cmd.exe	47
PID 1448 wrote to memory of 2616	1448	cmd.exe	47
PID 1448 wrote to memory of 812	1448	cmd.exe	48
PID 1448 wrote to memory of 812	1448	cmd.exe	48
PID 1448 wrote to memory of 812	1448	cmd.exe	48
PID 1448 wrote to memory of 2240	1448	cmd.exe	49
PID 1448 wrote to memory of 2240	1448	cmd.exe	49
PID 1448 wrote to memory of 2240	1448	cmd.exe	49
PID 1448 wrote to memory of 848	1448	cmd.exe	50
PID 1448 wrote to memory of 848	1448	cmd.exe	50
PID 1448 wrote to memory of 848	1448	cmd.exe	50
PID 1448 wrote to memory of 3040	1448	cmd.exe	51
PID 1448 wrote to memory of 3040	1448	cmd.exe	51
PID 1448 wrote to memory of 3040	1448	cmd.exe	51
PID 1448 wrote to memory of 1360	1448	cmd.exe	52

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Lifenz Tweaks v2.3.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "prompt #$H#$E# & echo on & for %b in (1) do rem"
  2⤵
  PID:2704
- C:\Windows\system32\chcp.com
  chcp 65001
  2⤵
  PID:2752
- C:\Windows\system32\mode.com
  mode 1000
  2⤵
  PID:2776
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" " [" nul
  2⤵
  PID:2780
- C:\Windows\system32\findstr.exe
  findstr /v /a:5 /R "^$" "0" nul
  2⤵
  PID:2756
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" "]" nul
  2⤵
  PID:2680
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" " [" nul
  2⤵
  PID:2856
- C:\Windows\system32\findstr.exe
  findstr /v /a:5 /R "^$" "1" nul
  2⤵
  PID:2392
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" "]" nul
  2⤵
  PID:2944
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" " [" nul
  2⤵
  PID:896
- C:\Windows\system32\findstr.exe
  findstr /v /a:5 /R "^$" "2" nul
  2⤵
  PID:2920
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" "]" nul
  2⤵
  PID:2116
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" " [" nul
  2⤵
  PID:2724
- C:\Windows\system32\findstr.exe
  findstr /v /a:5 /R "^$" "3" nul
  2⤵
  PID:2844
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" "]" nul
  2⤵
  PID:2556
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" " [" nul
  2⤵
  PID:2572
- C:\Windows\system32\findstr.exe
  findstr /v /a:5 /R "^$" "4" nul
  2⤵
  PID:2616
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" "]" nul
  2⤵
  PID:812
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" " [" nul
  2⤵
  PID:2240
- C:\Windows\system32\findstr.exe
  findstr /v /a:5 /R "^$" "5" nul
  2⤵
  PID:848
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" "]" nul
  2⤵
  PID:3040
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" " [" nul
  2⤵
  PID:1360
- C:\Windows\system32\findstr.exe
  findstr /v /a:5 /R "^$" "6" nul
  2⤵
  PID:1488
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" "]" nul
  2⤵
  PID:2820
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" " [" nul
  2⤵
  PID:2900
- C:\Windows\system32\findstr.exe
  findstr /v /a:5 /R "^$" "7" nul
  2⤵
  PID:2932
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" "]" nul
  2⤵
  PID:2444
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" " [" nul
  2⤵
  PID:2280
- C:\Windows\system32\findstr.exe
  findstr /v /a:5 /R "^$" "8" nul
  2⤵
  PID:988
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" "]" nul
  2⤵
  PID:1164
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" " [" nul
  2⤵
  PID:1516
- C:\Windows\system32\findstr.exe
  findstr /v /a:5 /R "^$" "9" nul
  2⤵
  PID:2348
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" "]" nul
  2⤵
  PID:1700
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" " [" nul
  2⤵
  PID:872
- C:\Windows\system32\findstr.exe
  findstr /v /a:5 /R "^$" "10" nul
  2⤵
  PID:2876
- C:\Windows\system32\findstr.exe
  findstr /v /a:F /R "^$" "]" nul
  2⤵
  PID:1012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ [

Filesize
3B

MD5
df66fa563a2fafdb93cc559deb0a38c4

SHA1
e6666cf8574b0f7a9ae5bccee572f965c2aec9cb

SHA256
3e39ed22dc63246937c4dbbf34ce4fb1cfe6b00de7596b020cad49ae50031351

SHA512
34ea05ee75cd840a94526411777868edb293a69867e1fdc2c2e917d278a3d58fcb86afc65142f4b184ce6907f04fb254a86061cfb620f01874b0b454a6f01c18

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads