934a1a96b8a6c4da2c55044ec55d6aaff42b4568c9c545065afa683cd20c3a63

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
20/09/2024, 22:13

Target

main.bat
Size

93KB
MD5

ed7381c57d2050794ffe34d55df3f92b
SHA1

708f07c8c2cb45bc9924a6e9465efa946989b322
SHA256

934a1a96b8a6c4da2c55044ec55d6aaff42b4568c9c545065afa683cd20c3a63
SHA512

87bb7dcec5ef463ca6778a2cedc8e5a94ad0753e3c281afe3f14a97d45a42729267eb8328801a423007437d7a876836ae962de43af876331954eabf09702c7ec
SSDEEP

768:FposY9qsaIZz+QK7ruEDHs2guEDHsaXmh82mnUjQxOn1TbzQeQg+miCmY1p02Azy:FCsYOSm9mnUk01seQg+miCm2AM1j

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 1084	2380	cmd.exe	30
PID 2380 wrote to memory of 1084	2380	cmd.exe	30
PID 2380 wrote to memory of 1084	2380	cmd.exe	30
PID 2380 wrote to memory of 672	2380	cmd.exe	31
PID 2380 wrote to memory of 672	2380	cmd.exe	31
PID 2380 wrote to memory of 672	2380	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\main.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\system32\chcp.com
  chcp 65001
  2⤵
  PID:1084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "prompt $H &echo on &for %B in (1) do rem"
  2⤵
  PID:672