Automated Malware Analysis IOC Report for

Path

Cmdline

Malicious

C:\Windows\System32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\t.bat" "

Details

Is windows:	true
Is dropped:	false
PID:	7420
Target ID:	0
Parent PID:	640
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\t.bat" "
Size:	289792
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
Time:	11:00:57
Date:	21/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff686f60000
Modulesize:	421888
Wow64:	false

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	7428
Target ID:	1
Parent PID:	7420
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	873472
MD5:	7366FBEFE66BA0F1F5304F7D6FEF09FE
Time:	11:00:57
Date:	21/11/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff720030000
Modulesize:	901120
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Name

IP

Malicious

https://github.com/rouki555/lnk/raw/main/ud.bat

unknown

https://github.com/rouki555/dcm/raw/main/Document.zip

unknown

Name

IP

Malicious

s-part-0035.t-0009.t-msedge.net

13.107.246.63

IOC Report
t.bat