d32bfb81bdddc681ff1ae58d2311a99b3f0560b2669f5dea12130307f7e035e1 | Triage

Analysis

max time kernel
15s
max time network
20s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/09/2024, 13:34

Sharing

Report Analysis Logs

General

Target

main.bat
Size

51KB
MD5

d29a467b7c2bee2840c53d3089afeea2
SHA1

e8a048cb3ae8b834138497dc918f023301e8440e
SHA256

d32bfb81bdddc681ff1ae58d2311a99b3f0560b2669f5dea12130307f7e035e1
SHA512

9a616b59f2e52423512dd95f5fce41c54bd72caf076e7895540a0c74fd9d9cc03fa57c43f230214cd96b072c4e6f7f7ba652bdcf35a65ebbf8047a73210a30ca
SSDEEP

768:1posY9qsaIZz+QK7ruEDHs2guEDHsaOmh82mnUjQxOn1TMQ+:1CsYOBm9mnUk01L+

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2272	2468	cmd.exe	30
PID 2468 wrote to memory of 2272	2468	cmd.exe	30
PID 2468 wrote to memory of 2272	2468	cmd.exe	30
PID 2468 wrote to memory of 1560	2468	cmd.exe	31
PID 2468 wrote to memory of 1560	2468	cmd.exe	31
PID 2468 wrote to memory of 1560	2468	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\main.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Windows\system32\chcp.com
  chcp 65001
  2⤵
  PID:2272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "prompt $H &echo on &for %B in (1) do rem"
  2⤵
  PID:1560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads