43c1958f524dd04b27c4e75be829934ff47105160eec2db9f896223b5778a0a3 | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 15:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Script_Run.bat
Size

9KB
MD5

5908f057239b57479c9fb998537139df
SHA1

ae13b32de2991acedec3bdf81c924ca6d6bcf919
SHA256

fd5be994f7727b486a56d6858f6f84c0028813d9641111e27e9bf9f90e9c20e6
SHA512

0752e00b285f77890b24dd540829299b330df18aacb2b562c66e52de4491de6677bc8cf4fad6020dd99c04381ffe6b3c0c90a9c6b3751e675e1b6610cd779d87
SSDEEP

192:I7fgXdVFDefe1z/2fSKzRrc7HMe5z/2fSKzRrc7HSmcj:AgX1eW9YeZOFj

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 2860	1820	cmd.exe	29
PID 1820 wrote to memory of 2860	1820	cmd.exe	29
PID 1820 wrote to memory of 2860	1820	cmd.exe	29
PID 1820 wrote to memory of 2908	1820	cmd.exe	30
PID 1820 wrote to memory of 2908	1820	cmd.exe	30
PID 1820 wrote to memory of 2908	1820	cmd.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Script_Run.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Windows\system32\mode.com
  mode con cols=70 lines=25
  2⤵
  PID:2860
- C:\Windows\system32\choice.exe
  choice /C:yas /N
  2⤵
  PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads