10f65b5ff82a1838a20614cc7bf379e8f55c3d46ef9ecaba7837c17ec44ce49f

Analysis

max time kernel
89s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
04/03/2025, 14:32

Target

Destiny Mod Menu/Destiny/Unistall.cmd
Size

652B
MD5

cbcf3f62d09c0384fac1e9aa7864eaf9
SHA1

ef3c625e9bb9437bea730533565a77cff3f442ac
SHA256

2ff897d3073ba334e43ad3ca2e65b6297b74d72931f45eda6caf6082b5b22768
SHA512

95b982a66a396c1e79371521957299bde29df1eab65f4b1905fc64530ab1a1d109ae597448a183b79c596874d730d7a6a52ea7836aba7f4ca7fc8a3d306654ac

Score

1^/10

Delays execution with timeout.exe 7 IoCs

defense_evasion

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2192	2644	cmd.exe	86
PID 2644 wrote to memory of 2192	2644	cmd.exe	86
PID 2644 wrote to memory of 644	2644	cmd.exe	92
PID 2644 wrote to memory of 644	2644	cmd.exe	92
PID 2644 wrote to memory of 5004	2644	cmd.exe	97
PID 2644 wrote to memory of 5004	2644	cmd.exe	97
PID 2644 wrote to memory of 4940	2644	cmd.exe	101
PID 2644 wrote to memory of 4940	2644	cmd.exe	101
PID 2644 wrote to memory of 1416	2644	cmd.exe	103
PID 2644 wrote to memory of 1416	2644	cmd.exe	103
PID 2644 wrote to memory of 3988	2644	cmd.exe	106
PID 2644 wrote to memory of 3988	2644	cmd.exe	106
PID 2644 wrote to memory of 3508	2644	cmd.exe	107
PID 2644 wrote to memory of 3508	2644	cmd.exe	107

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Destiny Mod Menu\Destiny\Unistall.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2192
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:644
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:5004
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4940
- C:\Windows\system32\timeout.exe
  timeout /t 3 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1416
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3988
- C:\Windows\system32\timeout.exe
  timeout /t 3 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3508