Analysis
- max time kernel: 91s
- max time network: 131s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 24-05-2022 16:57
- Static task: static1
- Behavioral task: behavioral1, Sample: Easy Hax.exe, Resource: win7-20220414-en
- Behavioral task: behavioral2, Sample: Easy Hax.exe, Resource: win10v2004-20220414-en
- Behavioral task: behavioral3, Sample: IP_Config.bat, Resource: win7-20220414-en
- Behavioral task: behavioral4, Sample: IP_Config.bat, Resource: win10v2004-20220414-en
- Behavioral task: behavioral5, Sample: IP_Spoofer.bat, Resource: win7-20220414-en
- Behavioral task: behavioral6, Sample: IP_Spoofer.bat, Resource: win10v2004-20220414-en
- Behavioral task: behavioral7, Sample: Stabilizer.bat, Resource: win7-20220414-en
General
- Target: IP_Spoofer.bat
- Size: 282B
- MD5: 4048b6cf9be730c27e34e530e6462c5a
- SHA1: f2a0ad5815e9255e6a98aebebf87525b65c984c8
- SHA256: 4ac41475c9348c242f6e32f35af952a7a38a08acd37d729741b6ecab3f0c05e7
- SHA512: 313398ce2bef2619d7a26a6bd0996ab20269d314ec3ced893b9d21bd995e307154b788d45bf14771c400ff83fe8525016072c69fdbcff23280970c0ee9b334de
Malware Config
Signatures
- Kills process with taskkill (1 IoCs)
  Processes: taskkill.exe
  pid | process
  3180 | taskkill.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: taskkill.exe
  description | pid | process
  Token: SeDebugPrivilege | 3180 | taskkill.exe
- Suspicious use of WriteProcessMemory (2 IoCs)
  Processes: cmd.exe
  description | pid | process | target process
  PID 4668 wrote to memory of 3180 | 4668 | cmd.exe | taskkill.exe
  PID 4668 wrote to memory of 3180 | 4668 | cmd.exe | taskkill.exe
Processes
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\IP_Spoofer.bat"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\taskkill.exe
    taskkill /F /IM explorer.exe
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- memory/3180-130-0x0000000000000000-mapping.dmp