40a7904cb9fb89d6431d2d0eee4d0fae41a5c618c4dc42d6ceba19dd826bb4fa

Analysis

max time kernel
61s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 14:28

Target

uac.bat
Size

1KB
MD5

842485dc476f64b175e09d8a97f5fabc
SHA1

e20b223605cc099f51eb3468f3f00018e777159b
SHA256

ff7973795c282704c5c5052a5409cb9a0b70039612dd7b04b46488af549b88a4
SHA512

39104ec332372891bdde299a1754d77a6cc2adac37e274e8efe79b79f962f1dcfb38d4c9dfadcc0718e5f58565ed7a22cadb200993f15571e9bff397ad31fe95

Score

1^/10

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 4464	2740	cmd.exe	84
PID 2740 wrote to memory of 4464	2740	cmd.exe	84
PID 2740 wrote to memory of 4408	2740	cmd.exe	85
PID 2740 wrote to memory of 4408	2740	cmd.exe	85
PID 2740 wrote to memory of 3976	2740	cmd.exe	86
PID 2740 wrote to memory of 3976	2740	cmd.exe	86
PID 2740 wrote to memory of 2084	2740	cmd.exe	87
PID 2740 wrote to memory of 2084	2740	cmd.exe	87
PID 2740 wrote to memory of 1804	2740	cmd.exe	88
PID 2740 wrote to memory of 1804	2740	cmd.exe	88

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\uac.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Windows\system32\mode.com
  mode con lines=1 cols=14
  2⤵
  PID:4464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" ver "
  2⤵
  PID:4408
- C:\Windows\system32\find.exe
  find /i "version 6.1."
  2⤵
  PID:3976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" ver "
  2⤵
  PID:2084
- C:\Windows\system32\find.exe
  find /i "version 6.0."
  2⤵
  PID:1804