1485507e6b61175e2ea04d4866ee932620251b5ce895d78a959b7c4c5a2de18d | Triage

Resubmissions

07-01-2025 19:22

250107-x3kcaavmb1 10

07-01-2025 07:44

250107-jk35sa1mex 10

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-01-2025 07:44

Sharing

Report Analysis Logs

General

Target

css/1.bat
Size

66B
MD5

c644ff75d62bc34a768e47aecdaeceea
SHA1

5ca202464b346b424c48922b45ea0f0b181409a3
SHA256

824732ef73db4846b8270f325f2c7d925791d9bdf73ba546f3aa9c5615cabbfc
SHA512

0eb61811df09f763efc321556b70085dae4b284fb38e21ca62efa7197c47852805ed87277b1e594331755ce318db254e3b7d099abebfa7d5e099f08cf5eff677

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 1432	1732	cmd.exe	31
PID 1732 wrote to memory of 1432	1732	cmd.exe	31
PID 1732 wrote to memory of 1432	1732	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\css\1.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\system32\reg.exe
  reg query "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions" /s
  2⤵
  PID:1432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads