Overview

overview

10

Static

static

10

vessel-64.dat.dll

windows10_x64

5

core.bat

windows10_x64

5

Resubmissions

13-09-2021 11:20

210913-nfdrjsdee4 10

13-09-2021 09:09

210913-k4h5dsddd4 10

Analysis

  • max time kernel
    368s
  • max time network
    1554s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    13-09-2021 11:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    core.bat

  • Size

    186B

  • MD5

    c69400616b3e6ff4875c8322f7ef0ed1

  • SHA1

    da112c52c72f50a64ff4aabcec17f5f3c16c5148

  • SHA256

    d6e0649ba38b6acbd75fd06d34cbe332220c4b6d7d774afceaa2816a6bd8ba68

  • SHA512

    2c61b0c6578eb8306da959ad329723902469a07418b2ea80a93f330f59ce757c0d660b7ae915d6d14735e6557b324668c6fd1af9cc0da866cc139fc35e5df0f9

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\core.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\vessel-64.dat,DllMain /i="license.dat"
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      PID:1640
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\vessel-64.dat,update /i="license.dat"
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1640-114-0x0000000000000000-mapping.dmp
    Download
  • memory/2156-115-0x0000000000000000-mapping.dmp
    Download