ad28a59e2234cee44a0eee96aff1c7a71054a40734d289fe0d436e79247ad6d3 | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-10-2024 01:14

Sharing

Report Analysis Logs

General

Target

AMI/spoof.bat
Size

57B
MD5

70c372a580ee13ad16ff67d3cc0ff0c6
SHA1

7e92af45a827b70404573f9f8339b2c9297793ec
SHA256

74975bffd064e9e27f44db7738b5f4c971ca1401b5e5d89f4aa50835801abb5c
SHA512

8dd0f5cbf1e66061f11d9129b6da90046ffc36742b2884e271399f17f096dbaf5c1db80d2b4c3e4594961021c96e04c623c684c5c6511cfe6e64b5527d1e50ed

Score

1^/10

Malware Config

Signatures

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
476	Process not Found

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 584	2848	cmd.exe	32
PID 2848 wrote to memory of 584	2848	cmd.exe	32
PID 2848 wrote to memory of 584	2848	cmd.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\AMI\spoof.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Users\Admin\AppData\Local\Temp\AMI\AMIDEWINx64.EXE
  AMIDEWINx64.exe /SU AUTO
  2⤵
  PID:584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads