Overview

overview

1

Static

static

batch CF�...SI.bat

windows7-x64

1

batch CF�...SI.bat

windows10-2004-x64

1

batch CF�...F8.bat

windows7-x64

1

batch CF�...F8.bat

windows10-2004-x64

1

batch CF�...LF.exe

windows7-x64

1

batch CF�...LF.exe

windows10-2004-x64

1

batch CF�...TT.bat

windows7-x64

1

batch CF�...TT.bat

windows10-2004-x64

1

batch CF�...rl.exe

windows7-x64

1

batch CF�...rl.exe

windows10-2004-x64

1

batch CF�...rl.dll

windows7-x64

1

batch CF�...rl.dll

windows10-2004-x64

1

batch CF�...rl.exe

windows7-x64

1

batch CF�...rl.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    97s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-09-2022 03:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    batch CF优选IP/CF优选IP-ANSI.bat

  • Size

    8KB

  • MD5

    0266c99fbc82bae034332061fd37c676

  • SHA1

    74c1c48f75d1a94c8e73a09e4e1e633f16a2f3c1

  • SHA256

    14298a2ebc0d8e4e496110c0c883ec540ed51b4123adf219bb2090c6b0effbdf

  • SHA512

    6eb0a3123c87b7addfd79cb37d4ad4a05d8cef4bd0c3ad2ddfe7ddfb644d6436e5cf2c07122367a65eb1b1c296bdd92a4c95b801d86a5f20be8c0c7d245e7a72

  • SSDEEP

    192:SQZDsKR9sSxJQysi7kG0fkzo4U6B9yUvFO9aMwiVJoci63:J9JR9rui4gHmU9OhiK

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\batch CF优选IP\CF优选IP-ANSI.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4676
    • C:\Windows\system32\chcp.com
      chcp 936
      2⤵
        PID:2764

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2764-132-0x0000000000000000-mapping.dmp

      Download