ae5c64a88ceb35a4cd3748ed27392845405934108bcefff1c965599ba1294f30 | Triage

Resubmissions

05-12-2024 19:46

241205-yhfc9svrbl 10

05-12-2024 19:03

241205-xqftbstmhr 10

Analysis

max time kernel
92s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2024 19:46

Sharing

Report Analysis Logs

General

Target

Adil Windows.bat
Size

12KB
MD5

cb107d44ed312ae167260b86b9d1901d
SHA1

47406774f65842ff020290fe34c0175789e2f5d0
SHA256

ae5c64a88ceb35a4cd3748ed27392845405934108bcefff1c965599ba1294f30
SHA512

981f373ec1ff38b4bba875ef8bb5caa5875082c8c6e8f36f8a4593599500195536b522853d686499f6b3908b7845e283b695f9ac370201ffdf319a5ec1a563fd
SSDEEP

192:A9AcZ8zMED95ExPaxmmpeO7D8HqYT1+gvwoKNfcP7b8T0j:UA684zwreO7D89T1rKNfBu

Score

1^/10

Malware Config

Signatures

Runs net.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 796 wrote to memory of 3536	796	cmd.exe	84
PID 796 wrote to memory of 3536	796	cmd.exe	84
PID 3536 wrote to memory of 1412	3536	net.exe	85
PID 3536 wrote to memory of 1412	3536	net.exe	85

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Adil Windows.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:796
- C:\Windows\system32\net.exe
  net session
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3536
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 session
    3⤵
    PID:1412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads