10f65b5ff82a1838a20614cc7bf379e8f55c3d46ef9ecaba7837c17ec44ce49f

Analysis

max time kernel
146s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
04/03/2025, 14:19

Target

Destiny Mod Menu/Destiny/Unistall.cmd
Size

652B
MD5

cbcf3f62d09c0384fac1e9aa7864eaf9
SHA1

ef3c625e9bb9437bea730533565a77cff3f442ac
SHA256

2ff897d3073ba334e43ad3ca2e65b6297b74d72931f45eda6caf6082b5b22768
SHA512

95b982a66a396c1e79371521957299bde29df1eab65f4b1905fc64530ab1a1d109ae597448a183b79c596874d730d7a6a52ea7836aba7f4ca7fc8a3d306654ac

Score

1^/10

Delays execution with timeout.exe 7 IoCs

defense_evasion

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 5856 wrote to memory of 868	5856	cmd.exe	79
PID 5856 wrote to memory of 868	5856	cmd.exe	79
PID 5856 wrote to memory of 392	5856	cmd.exe	80
PID 5856 wrote to memory of 392	5856	cmd.exe	80
PID 5856 wrote to memory of 6004	5856	cmd.exe	81
PID 5856 wrote to memory of 6004	5856	cmd.exe	81
PID 5856 wrote to memory of 5684	5856	cmd.exe	82
PID 5856 wrote to memory of 5684	5856	cmd.exe	82
PID 5856 wrote to memory of 3552	5856	cmd.exe	83
PID 5856 wrote to memory of 3552	5856	cmd.exe	83
PID 5856 wrote to memory of 4436	5856	cmd.exe	84
PID 5856 wrote to memory of 4436	5856	cmd.exe	84
PID 5856 wrote to memory of 2608	5856	cmd.exe	85
PID 5856 wrote to memory of 2608	5856	cmd.exe	85

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Destiny Mod Menu\Destiny\Unistall.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:5856
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:868
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:392
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:6004
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:5684
- C:\Windows\system32\timeout.exe
  timeout /t 3 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3552
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4436
- C:\Windows\system32\timeout.exe
  timeout /t 3 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2608