f08cd592c887920888cb0a18e754231b756e6c285a50511c26f4826dd1581978 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-09-2024 20:51

Sharing

Report Analysis Logs

General

Target

main.bat
Size

72KB
MD5

35e015a9bcce22c31ba0fb364830c788
SHA1

514cb5bbff59bb0c5aa92074cfa44ed061c3aafb
SHA256

f08cd592c887920888cb0a18e754231b756e6c285a50511c26f4826dd1581978
SHA512

ed48ecef95cd79b9f26de8523d1ae655310ad8b1684e9bbb24103943cb9fa919de826cf667d2f40d5b8cb9aeaef89aec8cdb86aeb957fe6037b4ee77b28a4668
SSDEEP

768:IposY9qsaIZz+QK7ruEDHs2guEDHsaOmh82mnUjQxOn1TS6QBQg+mispepU:ICsYOBm9mnUk01SBQg+miU

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 2844	2728	cmd.exe	31
PID 2728 wrote to memory of 2844	2728	cmd.exe	31
PID 2728 wrote to memory of 2844	2728	cmd.exe	31
PID 2728 wrote to memory of 2820	2728	cmd.exe	32
PID 2728 wrote to memory of 2820	2728	cmd.exe	32
PID 2728 wrote to memory of 2820	2728	cmd.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\main.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Windows\system32\chcp.com
  chcp 65001
  2⤵
  PID:2844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "prompt $H &echo on &for %B in (1) do rem"
  2⤵
  PID:2820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads