a5f72f5b6a80a798b398d9e0af0d06647ebd7af9d00a38213ec079b59820cad3 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 19:48

Sharing

Report Analysis Logs

General

Target

rat remover.bat
Size

8KB
MD5

37fa5465a015515ca2d1aec1265e50e2
SHA1

c70aab71cac4f51b51e1e9b796dac8d85109442f
SHA256

a5f72f5b6a80a798b398d9e0af0d06647ebd7af9d00a38213ec079b59820cad3
SHA512

95ac8955274885d368d8d338bd5bd3448bfb2191118258a2c806b550ac3d314f0a7ea2496d1c526ea3341d41ac0f34bdd8431b9e2051cbdc35199a05a3be0356
SSDEEP

96:ci4bPeGVlBbGV5FYAUdaIQe/0uscQGZ/nWuPloLe9maMBqeTBKAR4iWPMY+aBUAS:DoW77Shdsusc1l6aVh/y

Score

1^/10

Malware Config

Signatures

Runs net.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 2808	2744	cmd.exe	32
PID 2744 wrote to memory of 2808	2744	cmd.exe	32
PID 2744 wrote to memory of 2808	2744	cmd.exe	32
PID 2808 wrote to memory of 2752	2808	net.exe	33
PID 2808 wrote to memory of 2752	2808	net.exe	33
PID 2808 wrote to memory of 2752	2808	net.exe	33

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\rat remover.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Windows\system32\net.exe
  net session
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2808
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 session
    3⤵
    PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads