f39e596217d308c2af0a8ea4e9580315184db8d755066c56d49e7ea0c9713898

Analysis

max time kernel
21s
max time network
14s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 19:27

Target

fundExecutable.bat
Size

20KB
MD5

7a88efc404488b8e3db19ff972c8df3a
SHA1

f0c28ca7bf143258a802a4e6ac86e4d3e3f5051f
SHA256

f39e596217d308c2af0a8ea4e9580315184db8d755066c56d49e7ea0c9713898
SHA512

6b88a1394d856e4eff071c48c165266a2d2702a7b49c23e7e813dad7ead8ea1dfb1d7432ac8d4adb7b37f9ce2757a9f7b86daa45e9347536c7fbe555c087b81c
SSDEEP

192:Sf9hKWKu7To1YYYFAI7VxhmjK3Sae2T3NcPXz9KpWC/6:G7SI7LcjVaeC3NcPj4pW/

Score

1^/10

Delays execution with timeout.exe 9 IoCs

evasion

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 2772	4432	cmd.exe	84
PID 4432 wrote to memory of 2772	4432	cmd.exe	84
PID 4432 wrote to memory of 4112	4432	cmd.exe	85
PID 4432 wrote to memory of 4112	4432	cmd.exe	85
PID 4432 wrote to memory of 3076	4432	cmd.exe	100
PID 4432 wrote to memory of 3076	4432	cmd.exe	100
PID 4432 wrote to memory of 2616	4432	cmd.exe	101
PID 4432 wrote to memory of 2616	4432	cmd.exe	101
PID 4432 wrote to memory of 4916	4432	cmd.exe	105
PID 4432 wrote to memory of 4916	4432	cmd.exe	105
PID 4432 wrote to memory of 1840	4432	cmd.exe	107
PID 4432 wrote to memory of 1840	4432	cmd.exe	107
PID 4432 wrote to memory of 2852	4432	cmd.exe	108
PID 4432 wrote to memory of 2852	4432	cmd.exe	108
PID 4432 wrote to memory of 2952	4432	cmd.exe	109
PID 4432 wrote to memory of 2952	4432	cmd.exe	109
PID 4432 wrote to memory of 2672	4432	cmd.exe	110
PID 4432 wrote to memory of 2672	4432	cmd.exe	110
PID 4432 wrote to memory of 4264	4432	cmd.exe	111
PID 4432 wrote to memory of 4264	4432	cmd.exe	111
PID 4432 wrote to memory of 1892	4432	cmd.exe	112
PID 4432 wrote to memory of 1892	4432	cmd.exe	112
PID 1892 wrote to memory of 2856	1892	net.exe	113
PID 1892 wrote to memory of 2856	1892	net.exe	113

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\fundExecutable.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Windows\system32\chcp.com
  chcp 65001
  2⤵
  PID:2772
- C:\Windows\system32\timeout.exe
  timeout 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:4112
- C:\Windows\system32\timeout.exe
  timeout 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:3076
- C:\Windows\system32\timeout.exe
  timeout 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:2616
- C:\Windows\system32\timeout.exe
  timeout 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:4916
- C:\Windows\system32\timeout.exe
  timeout 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:1840
- C:\Windows\system32\timeout.exe
  timeout 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:2852
- C:\Windows\system32\timeout.exe
  timeout 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:2952
- C:\Windows\system32\timeout.exe
  timeout 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:2672
- C:\Windows\system32\timeout.exe
  timeout 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:4264
- C:\Windows\system32\net.exe
  net session
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1892
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 session
    3⤵
    PID:2856