Overview

overview

10

Static

static

run.bat

windows7_x64

10

run.bat

windows10_x64

1

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    13-11-2020 15:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    run.bat

  • Size

    32B

  • MD5

    620730fa5833ca62711e01172f9767c4

  • SHA1

    402d21e79fb264be16ed69f6d07d9e35bdd8fb91

  • SHA256

    5e6b3126b585d6cbc03f0f2f03487cbf48519476407064a61ec0652cfc4172ea

  • SHA512

    62c8dc846c1c18bbac254b4c48d84627646fe81bf68b7c69a8fe694706cdad3632558f7db11abbb6fd67f26c30f0fb32819374b02b3cb1d49ab455cd99d7f0de

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 131 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SetWindowsHookEx 32 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\run.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4804
    • C:\Windows\system32\regsvr32.exe
      regsvr32 -s 10.11nov322.gif.dll
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5036
      • C:\Windows\SysWOW64\regsvr32.exe
        -s 10.11nov322.gif.dll
        3⤵
          PID:4240
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1172
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1172 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1400
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2588
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3304
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2224
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2224 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4560
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4792
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4792 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4744
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1916
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1916 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2148
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3144
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3144 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:4200
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3376
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3376 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:4292
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2104
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1680

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
      MD5

      a69fba04d9b13e82fb772d1b38b6054a

      SHA1

      f7ab8c1d32ddc58e13f65f9b8bb0cc844f164454

      SHA256

      733d04f9d9e1fdf85914f097cca3f8bfb3926c38a7ccf69e7c74d887abbc64ff

      SHA512

      6fae50c73cc08c48d5ecb6814785f82c46ded1dc00ba9a8b02a9b2bd907a10bba6015e0a5753487a12765db242162ce4f822bf5d3381a71ae2143c9f5d34669a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
      MD5

      b03ca8d992e0af77865380d1947cc057

      SHA1

      03c88892d66e6eee2c7762437fcb4a1a66eba8b2

      SHA256

      ecedf8269b89351926760db3f4ceec12f512f7b51e243ab1e872c33c1a003b2c

      SHA512

      8dad09ad9569c5d0ef79b00b149cccfeb8d7cf30fba54c048be30a8a9675a74091360c4b995ac56a6026c2721e0b4aa9511ddfabf6b39bc7d4cbc942ec9b7cd2

      Download Submit
    • memory/1400-3-0x0000000000000000-mapping.dmp
      Download
    • memory/1680-12-0x0000000000000000-mapping.dmp
      Download
    • memory/2148-9-0x0000000000000000-mapping.dmp
      Download
    • memory/3304-4-0x0000000000000000-mapping.dmp
      Download
    • memory/4200-10-0x0000000000000000-mapping.dmp
      Download
    • memory/4240-2-0x00000000030B0000-0x00000000030C2000-memory.dmp
      Filesize

      72KB

      Download
    • memory/4240-1-0x0000000000000000-mapping.dmp
      Download
    • memory/4292-11-0x0000000000000000-mapping.dmp
      Download
    • memory/4560-7-0x0000000000000000-mapping.dmp
      Download
    • memory/4744-8-0x0000000000000000-mapping.dmp
      Download
    • memory/5036-0-0x0000000000000000-mapping.dmp
      Download