b1dd524d8cc9084acbf2057efc5f98032517d0b856aed973442bdabb109e28e1 | Triage

Analysis

max time kernel
12s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 20:47

Sharing

Report Analysis Logs

General

Target

Wa0Desktop/stop.bat
Size

41B
MD5

4302de2a361e9dff1df9c11f2af9479f
SHA1

1c6734e09404bb86a306c1ed6413026ddc885549
SHA256

e465002e66bdd4d8673dd1730a7161e546c35acffb6836e4fb3f8ed567396edc
SHA512

230f85beaf56bbf507c79af0be1be30232734f73176ab46c6e47bc9e9811e89d40edd7b30d34f13d86b31484f1f7d46c8aaae463197a66eae6451807aaa0ae27

Score

1^/10

Malware Config

Signatures

Kills process with taskkill 1 IoCs

pid	Process
2720	taskkill.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2720	taskkill.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2720	2624	cmd.exe	30
PID 2624 wrote to memory of 2720	2624	cmd.exe	30
PID 2624 wrote to memory of 2720	2624	cmd.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Wa0Desktop\stop.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Windows\system32\taskkill.exe
  taskkill /im Wa0Desktop.exe /f
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads