b4a933b088f2b17533a0b0263ec57dce29b0f221517bbb2df740db387db5579a

Analysis

max time kernel
299s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 01:01

Target

launcher.bat
Size

75B
MD5

eb55186a25a8401bce6951cce620f9ef
SHA1

de8527377c8dab90ca8d20e74e210b86d0609295
SHA256

34ee234989a8d61ef10b8dc249335b82660d014f7ed4bd199110e1bb57b9ec57
SHA512

83d56e9c99fe10e0c58b51b236c39b71d52cc1c959efd1ef096b066bdd56fbf01b91f3a0c6732e76ee09295f922e33c4b53a56d07f6583f2c23333f357772490

Score

8^/10

Blocklisted process makes network request 19 IoCs

Suspicious behavior: EnumeratesProcesses 34 IoCs

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 3408	4848	cmd.exe	83
PID 4848 wrote to memory of 3408	4848	cmd.exe	83

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\launcher.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Windows\system32\rundll32.exe
  rundll32.exe witwin_st_x64.dll,NxReleasePMap
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:3408

memory/3408-0-0x000000026E7A0000-0x000000026E7EA000-memory.dmp

Filesize
296KB

Download
memory/3408-1-0x000001BE2ABC0000-0x000001BE2AC06000-memory.dmp

Filesize
280KB

Download
memory/3408-2-0x000000026E7A0000-0x000000026E7EA000-memory.dmp

Filesize
296KB

Download
memory/3408-5-0x000001BE2AC50000-0x000001BE2AC9C000-memory.dmp

Filesize
304KB

Download
memory/3408-4-0x000001BE2AC10000-0x000001BE2AC4E000-memory.dmp

Filesize
248KB

Download
memory/3408-20-0x000001BE2AC50000-0x000001BE2AC9C000-memory.dmp

Filesize
304KB

Download
memory/3408-21-0x000000026E7A0000-0x000000026E7EA000-memory.dmp

Filesize
296KB

Download