Overview

overview

8

Static

static

Check_Disable.cmd

windows7-x64

8

Check_Disable.cmd

windows10-2004-x64

8

Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    07/09/2022, 23:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Check_Disable.cmd

  • Size

    2KB

  • MD5

    86e1d0c712554c1871a78f61b5d194e7

  • SHA1

    62c5a5d7c8873d33634f2e30dbcf43046badb74c

  • SHA256

    6d12d961ac8e7ed617e8a46e837a4810baa124aa149e2ffbcd3511afbecf7e1b

  • SHA512

    627e605f42e006dfca7b221a20fb73ad66fa86a489844fb013c1cb8c1113a72a9fdf47d20df893eaeb69239fe5bae920fee3fe35e4c72a12c9de707a80189ba6

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Check_Disable.cmd"
    1⤵
    • Drops file in Drivers directory
    • Suspicious use of WriteProcessMemory
    PID:1196
    • C:\Windows\system32\find.exe
      FIND /c /i "na1r.services.adobe.com" C:\Windows\system32\drivers\etc\hosts
      2⤵
        PID:1732
      • C:\Windows\system32\find.exe
        FIND /c /i "hlrcv.stage.adobe.com" C:\Windows\system32\drivers\etc\hosts
        2⤵
          PID:1104
        • C:\Windows\system32\find.exe
          FIND /c /i "lmlicenses.wip4.adobe.com" C:\Windows\system32\drivers\etc\hosts
          2⤵
            PID:1748
          • C:\Windows\system32\find.exe
            FIND /c /i "lm.licenses.adobe.com" C:\Windows\system32\drivers\etc\hosts
            2⤵
              PID:980
            • C:\Windows\system32\find.exe
              FIND /c /i " activate.adobe.com" C:\Windows\system32\drivers\etc\hosts
              2⤵
                PID:820
              • C:\Windows\system32\find.exe
                FIND /c /i "practivate.adobe.com" C:\Windows\system32\drivers\etc\hosts
                2⤵
                  PID:2040
                • C:\Windows\system32\ipconfig.exe
                  ipconfig /flushdns
                  2⤵
                  • Gathers network information
                  PID:1744

              Network

                    MITRE ATT&CK Enterprise v6

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Windows\system32\drivers\etc\hosts
                      Filesize

                      860B

                      MD5

                      264172e50724249ecb54844ae7c51f7d

                      SHA1

                      a2149cbf014f3c99f461309ad51851886525b0d7

                      SHA256

                      3078d559507f7698d7fa122209abbbbae354ff45e4b33aef0224d706d151e0a3

                      SHA512

                      7a5cf08fd3c3c8ff1681db764e139da5316e6bafcf82caf733f53ce3ecdec098fc9a2dec801fb85059fdb465a24ff051afb9ddab6b7eb729359d209801749812

                      Download Submit

                    • C:\Windows\system32\drivers\etc\hosts
                      Filesize

                      894B

                      MD5

                      450f060b821c0c40981e2c7f89a94e9e

                      SHA1

                      00eb244d037c8e7c55e185cfe10c175b21e3bd44

                      SHA256

                      2d3854c276f01279944ab93efba9604ee38e63cf5370a996a4887f1cc93c74f0

                      SHA512

                      0ef0dcef237159dace84f1c554e2687bd669c46d31705a6e3c08da155c3e00b21a8fd238d8a6fa986c4c650139bca3f4fb8aa99aaadea46d1e8ad1d985b14559

                      Download Submit

                    • C:\Windows\system32\drivers\etc\hosts
                      Filesize

                      932B

                      MD5

                      ac48f8a63537d48806b5fa8213089079

                      SHA1

                      7a32282c354a5dade7d1ec731358c38911b60cb0

                      SHA256

                      f363e07c4f622b3fb0e34f37d065976bfc842a27858e2020f8e813aa897862d4

                      SHA512

                      e1424f7d3f55024ee1ec0374657f945ade5f97de486020c42481f267ebd00814281a254b8c02b14d770fd593bbdbac41d4fb3f1955e2120c497d544a1b91195e

                      Download Submit

                    • C:\Windows\system32\drivers\etc\hosts
                      Filesize

                      966B

                      MD5

                      69628b38ffb11acf16555b1ca067a41f

                      SHA1

                      575c80fe6445df644d10821d454073707ac57785

                      SHA256

                      c2ab1483be0bd767db7cfbe73c6fefa3bce931e53bb06636e4f3bdb50133bd00

                      SHA512

                      cc1646f5f9e12b6813fa519d4ec48990aac6695b330ee74c5103a7bf80f964766bb87091e313a8cbc97ad486bab4e0337897f570d1ea4123969c3a4102a241fe

                      Download Submit

                    • C:\Windows\system32\drivers\etc\hosts
                      Filesize

                      997B

                      MD5

                      1d90d70dd511fd6440664f8d2c161b7b

                      SHA1

                      0f5a01d4920db9cea958ae0aece90ea90689684c

                      SHA256

                      c1ea75c7d0bf96a898d20cf93dde7ea5219586c9adcd1670c87007e540866e45

                      SHA512

                      e7fdeebd99b1ce4e411d43bd5eb3acbda09016b03bd539495c05b4751f5be5c299e52231404870564fe28cf4388fe7857c7eba7b6742808f0b35bab8cc8dcd60

                      Download Submit