136ef661f3ead5ecb9ce3586e8140dbe21562617fba07310102a8eed60d746ed | Triage

Analysis

max time kernel
0s
max time network
4s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 14:47

Sharing

Report Analysis Logs

General

Target

setup.bat
Size

138B
MD5

a119c97dadf6c55c78c699e62ba41824
SHA1

580d8334dbdd8785e75c9699905c3b48036e6e64
SHA256

136ef661f3ead5ecb9ce3586e8140dbe21562617fba07310102a8eed60d746ed
SHA512

7849a6d0fc90293bd1efc00dad3f50f69d5b2f3312cf6f81647e5f52bc16e4ec79ffcbe9729746f9af123902e166c583ddfaa0d1cfe873ac69330c1693e5587f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 2876	540	cmd.exe	32
PID 540 wrote to memory of 2876	540	cmd.exe	32
PID 540 wrote to memory of 2876	540	cmd.exe	32
PID 540 wrote to memory of 2316	540	cmd.exe	33
PID 540 wrote to memory of 2316	540	cmd.exe	33
PID 540 wrote to memory of 2316	540	cmd.exe	33

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\setup.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K start_tool.bat
  2⤵
  PID:2876
- C:\Windows\system32\cmd.exe
  cmd /c
  2⤵
  PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\start_tool.bat

Filesize
17B

MD5
65e5c7f827460ebb2e3f180200afe86e

SHA1
776d739c2a0286844a4e8ea7cbac1e33e97afb4e

SHA256
4c4f3756a56db801fc2ec0e01b5bf5b3eb26bd16e933838a9e70a5474c8ed20a

SHA512
124758083ba5b72fd896a7f468eafc5d9c7ed185a16c4bf5d3735123b0f7c663be20fc4e00f1e785d08fc65f316e123fb4d74c6a1758217ccbc9f6d1c0e52895

Download Submit