Overview

overview

10

Static

static

8

HWUpgradeS...PC.bat

windows7_x64

1

HWUpgradeS...PC.bat

windows10_x64

1

HWUpgradeS...ta.bat

windows7_x64

1

HWUpgradeS...ta.bat

windows10_x64

1

HWUpgradeS...PC.bat

windows7_x64

1

HWUpgradeS...PC.bat

windows10_x64

1

HWUpgradeS...ta.bat

windows7_x64

1

HWUpgradeS...ta.bat

windows10_x64

1

HWUpgradeS...PC.bat

windows7_x64

10

HWUpgradeS...PC.bat

windows10_x64

1

HWUpgradeS...ce.bat

windows7_x64

4

HWUpgradeS...ce.bat

windows10_x64

4

HWUpgradeS...et.bat

windows7_x64

6

HWUpgradeS...et.bat

windows10_x64

6

HWUpgradeS...ce.bat

windows7_x64

4

HWUpgradeS...ce.bat

windows10_x64

4

HWUpgradeS...et.bat

windows7_x64

6

HWUpgradeS...et.bat

windows10_x64

6

HWUpgradeS...ze.bat

windows7_x64

1

HWUpgradeS...ze.bat

windows10_x64

1

HWUpgradeS...PC.bat

windows7_x64

10

HWUpgradeS...PC.bat

windows10_x64

1

HWUpgradeS...PC.bat

windows7_x64

1

HWUpgradeS...PC.bat

windows10_x64

1

HWUpgradeS...ME.doc

windows7_x64

4

HWUpgradeS...ME.doc

windows10_x64

1

HWUpgradeS...nd.exe

windows7_x64

1

HWUpgradeS...nd.exe

windows10_x64

4

Analysis

  • max time kernel
    2s
  • max time network
    54s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    06-07-2021 18:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HWUpgradeScripts/PreConfigureWindows7SourcePC.bat

  • Size

    983B

  • MD5

    81307c4fae02336dd550c4662f880dea

  • SHA1

    29c0417e3e305e6f42461dedb9d9449cfcfe15d5

  • SHA256

    92654778a60ba89d61c85e437a6649bd3e56c2c0fa49826ef6a1da4289c724b1

  • SHA512

    325f67d47fb11dc62e7b5c729c86e30454a90da672e2b3a51114346037c9c64387209ed581ccaef30edf8736a036d16aa68c016f43c4d5579ddb2b99d7c6c530

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\HWUpgradeScripts\PreConfigureWindows7SourcePC.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" ver "
      2⤵
        PID:2016
      • C:\Windows\system32\findstr.exe
        findstr /i "5\.1\."
        2⤵
          PID:1192
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /S /D /c" ver "
          2⤵
            PID:1220
          • C:\Windows\system32\findstr.exe
            findstr /i "6\.1\."
            2⤵
              PID:1260
            • C:\Windows\system32\reg.exe
              REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA
              2⤵
                PID:1328

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1192-61-0x0000000000000000-mapping.dmp
              Download
            • memory/1220-62-0x0000000000000000-mapping.dmp
              Download
            • memory/1260-63-0x0000000000000000-mapping.dmp
              Download
            • memory/1328-64-0x0000000000000000-mapping.dmp
              Download
            • memory/2016-60-0x0000000000000000-mapping.dmp
              Download