fbb1c5811042bfe6fbc3329c17e2bbb75279d315777768ef6b835a85e9331ef2 | Triage

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-02-2025 19:45

Sharing

Report Analysis Logs

General

Target

Click To Run.bat
Size

34B
MD5

ad3ed1d41f9b51f7f203d56597c05958
SHA1

724822195edeff84c01f298212dbaebf1b55a0d2
SHA256

413b8e555d8f42c56d22d6843708f7bfcb0bbedb4f833bf3c89880665925bd14
SHA512

dcb33488d6a8da2ca6ab1307fba58c68e62cd31e592058bf9c6a1621bff20da4b5df49684a7cac058b522619fd8b785446a251ae5656fba7a4d666dfa303f290

Score

1^/10

Malware Config

Signatures

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
2784	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 2784	1612	cmd.exe	31
PID 1612 wrote to memory of 2784	1612	cmd.exe	31
PID 1612 wrote to memory of 2784	1612	cmd.exe	31
PID 1612 wrote to memory of 2784	1612	cmd.exe	31
PID 1612 wrote to memory of 2784	1612	cmd.exe	31
PID 1612 wrote to memory of 2784	1612	cmd.exe	31
PID 1612 wrote to memory of 2784	1612	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Click To Run.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Users\Admin\AppData\Local\Temp\setup.exe
  setup /configure configuration.xml
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:2784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads