10f65b5ff82a1838a20614cc7bf379e8f55c3d46ef9ecaba7837c17ec44ce49f

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
04/03/2025, 14:32

Target

Destiny Mod Menu/Destiny/Unistall.cmd
Size

652B
MD5

cbcf3f62d09c0384fac1e9aa7864eaf9
SHA1

ef3c625e9bb9437bea730533565a77cff3f442ac
SHA256

2ff897d3073ba334e43ad3ca2e65b6297b74d72931f45eda6caf6082b5b22768
SHA512

95b982a66a396c1e79371521957299bde29df1eab65f4b1905fc64530ab1a1d109ae597448a183b79c596874d730d7a6a52ea7836aba7f4ca7fc8a3d306654ac

Score

1^/10

Delays execution with timeout.exe 7 IoCs

defense_evasion

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2456	2856	cmd.exe	31
PID 2856 wrote to memory of 2456	2856	cmd.exe	31
PID 2856 wrote to memory of 2456	2856	cmd.exe	31
PID 2856 wrote to memory of 2780	2856	cmd.exe	32
PID 2856 wrote to memory of 2780	2856	cmd.exe	32
PID 2856 wrote to memory of 2780	2856	cmd.exe	32
PID 2856 wrote to memory of 2804	2856	cmd.exe	33
PID 2856 wrote to memory of 2804	2856	cmd.exe	33
PID 2856 wrote to memory of 2804	2856	cmd.exe	33
PID 2856 wrote to memory of 2860	2856	cmd.exe	34
PID 2856 wrote to memory of 2860	2856	cmd.exe	34
PID 2856 wrote to memory of 2860	2856	cmd.exe	34
PID 2856 wrote to memory of 2876	2856	cmd.exe	35
PID 2856 wrote to memory of 2876	2856	cmd.exe	35
PID 2856 wrote to memory of 2876	2856	cmd.exe	35
PID 2856 wrote to memory of 2920	2856	cmd.exe	36
PID 2856 wrote to memory of 2920	2856	cmd.exe	36
PID 2856 wrote to memory of 2920	2856	cmd.exe	36
PID 2856 wrote to memory of 3052	2856	cmd.exe	37
PID 2856 wrote to memory of 3052	2856	cmd.exe	37
PID 2856 wrote to memory of 3052	2856	cmd.exe	37

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Destiny Mod Menu\Destiny\Unistall.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2456
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2780
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2804
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2860
- C:\Windows\system32\timeout.exe
  timeout /t 3 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2876
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2920
- C:\Windows\system32\timeout.exe
  timeout /t 3 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3052