80c4016577c11791f64e2d43e1dfad2b01adf7276100400a4421b48df6e6fbfe

Analysis

max time kernel
31s
max time network
34s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
21-12-2024 14:45

Target

Xeno-v1.1.0-x64/Install dependencies.bat
Size

1KB
MD5

eb4b04fbf3be04946d84a01ede5cbe9a
SHA1

c03837830a409c2ef177925bd3e4ec9544cc5031
SHA256

f545d644196419b41eadae3f0846888c396284cc148c780916c0d96a07f71b40
SHA512

42dae275458e8f23383285087cda5dad95bfee58bdb86dc1b6c07373296e35f99fd3c249fe022a5bbd3e9b0a465b6231922267fb330d6b5febeb7a731d320749

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4476 wrote to memory of 4416	4476	cmd.exe	83
PID 4476 wrote to memory of 4416	4476	cmd.exe	83
PID 4416 wrote to memory of 4648	4416	net.exe	84
PID 4416 wrote to memory of 4648	4416	net.exe	84
PID 4476 wrote to memory of 4804	4476	cmd.exe	85
PID 4476 wrote to memory of 4804	4476	cmd.exe	85
PID 4476 wrote to memory of 4192	4476	cmd.exe	86
PID 4476 wrote to memory of 4192	4476	cmd.exe	86

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.0-x64\Install dependencies.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4476
- C:\Windows\system32\net.exe
  net session
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4416
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 session
    3⤵
    PID:4648
- C:\Windows\system32\reg.exe
  reg query "HKLM\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64"
  2⤵
  PID:4804
- C:\Program Files\dotnet\dotnet.exe
  dotnet --list-sdks
  2⤵
  PID:4192