39be4e8d2228461b42ca590d1da8904ff50e3bb1e4b9bb3208375adc29fc1073 | Triage

Analysis

max time kernel
442s
max time network
486s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
30/03/2025, 01:35

Sharing

Report Analysis Logs

General

Target

build.bat
Size

14B
MD5

92a6f2af2e2bf7d6e64b7821f5400d1c
SHA1

ee3e35bf31da9e6616c1c6a663fd19b4d745a279
SHA256

89b15dd343075c7271ec08f848803709a915526e81831af0a9df53577b5155b5
SHA512

57ebb186b961d2e73bfe554f247b53558cd358bba5716578c355a85caf783087495ca15e981bed2c049e4485bb3d5edf413d90b0e16f68ba95bbdc7f26f5b29f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5804 wrote to memory of 4220	5804	cmd.exe	83
PID 5804 wrote to memory of 4220	5804	cmd.exe	83
PID 5804 wrote to memory of 4220	5804	cmd.exe	83

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\build.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:5804
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python main.py
  2⤵
  PID:4220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads