bd035666f01df67518bf6a7976e58d019fe4281b7cc959bc623b5bbc8cb6aa31

Analysis

max time kernel
95s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 10:20

Target

OctoFreeTweakingUtilityV1.0.bat
Size

32KB
MD5

8392add3fcbeded059c0788e13305148
SHA1

aabebd21818beb9d92354a26bff3b091f6d33070
SHA256

bd035666f01df67518bf6a7976e58d019fe4281b7cc959bc623b5bbc8cb6aa31
SHA512

454321ad19d4544632c51d02a2cd9adb48d856a982e45afdf2c2abd06412a212bb4ee60075ceee1f46370ecb722ed73d0749fd9cae1f627cfd3013d221728774
SSDEEP

384:5TFAFXvNHSuTB4VPVVpZzBYqvRBzalRL/TJ:5TqXDSPVVpZzclRL/TJ

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 1372	5048	cmd.exe	83
PID 5048 wrote to memory of 1372	5048	cmd.exe	83
PID 1372 wrote to memory of 1084	1372	cmd.exe	84
PID 1372 wrote to memory of 1084	1372	cmd.exe	84

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OctoFreeTweakingUtilityV1.0.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\OctoFreeTweakingUtilityV1.0.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1372
- - C:\Windows\system32\findstr.exe
    findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\OctoFreeTweakingUtilityV1.0.bat"
    3⤵
    PID:1084