Overview

overview

8

Static

static

load.bat

windows7-x64

8

load.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    1672s
  • max time network
    1818s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 09:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    load.bat

  • Size

    496B

  • MD5

    a3072c9a56684f918418eaeefc0b4d38

  • SHA1

    c4a6c2a96de6319c88544bd492b636eb725334e5

  • SHA256

    ebdac8a9bc06fae455da8ac73f7cfe95e9960d5316b4c9a3a171d54dbc465c4a

  • SHA512

    c9c819be497fc48b465c501ed6a63518c7317e9698c89329b9d765d5e8d976e253ec2934b0a7d95e24e35b94b893ea7d145639979e5e393d7fe66819143017a7

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\load.bat"
    1⤵
      PID:1280
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1128 /prefetch:2
      1⤵
        PID:1320
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1272 /prefetch:8
        1⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:268
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 /prefetch:8
        1⤵
          PID:1244
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
          1⤵
            PID:692
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1
            1⤵
              PID:812
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
              1⤵
                PID:984
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3280 /prefetch:2
                1⤵
                  PID:1336
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
                  1⤵
                    PID:2024
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3496 /prefetch:8
                    1⤵
                      PID:988
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3520 /prefetch:8
                      1⤵
                        PID:2068
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1540 /prefetch:8
                        1⤵
                          PID:2176
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 /prefetch:8
                          1⤵
                            PID:2256
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
                            1⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2320
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3752 /prefetch:8
                            1⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2520
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3732 /prefetch:8
                            1⤵
                              PID:2528
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
                              1⤵
                                PID:2572
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3740 /prefetch:8
                                1⤵
                                  PID:2652
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
                                  1⤵
                                    PID:2728
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
                                    1⤵
                                      PID:2812
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3732 /prefetch:8
                                      1⤵
                                        PID:2948
                                      • C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
                                        "C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
                                        1⤵
                                        • Drops file in Program Files directory
                                        • Suspicious use of WriteProcessMemory
                                        PID:2988
                                        • C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2988_1255526473\ChromeRecovery.exe
                                          "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2988_1255526473\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={d0c0c7f9-bf0c-48a4-9c91-757728db5873} --system
                                          2⤵
                                          • Executes dropped EXE
                                          PID:3028
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3208 /prefetch:8
                                        1⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:3020
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=652 /prefetch:8
                                        1⤵
                                          PID:1880
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3220 /prefetch:8
                                          1⤵
                                            PID:2200
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3500 /prefetch:8
                                            1⤵
                                              PID:2132
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3776 /prefetch:8
                                              1⤵
                                                PID:1144
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3224 /prefetch:8
                                                1⤵
                                                  PID:2324
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
                                                  1⤵
                                                    PID:2640
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3168 /prefetch:8
                                                    1⤵
                                                      PID:2812
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3244 /prefetch:8
                                                      1⤵
                                                        PID:2704
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,10110793602877191238,17368685516572677535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=844 /prefetch:8
                                                        1⤵
                                                          PID:2404

                                                        Network

                                                        MITRE ATT&CK Matrix

                                                        Replay Monitor

                                                        Loading Replay Monitor...

                                                        Downloads

                                                        • C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2988_1255526473\ChromeRecovery.exe
                                                          Filesize

                                                          253KB

                                                          MD5

                                                          49ac3c96d270702a27b4895e4ce1f42a

                                                          SHA1

                                                          55b90405f1e1b72143c64113e8bc65608dd3fd76

                                                          SHA256

                                                          82aa3fd6a25cda9e16689cfadea175091be010cecae537e517f392e0bef5ba0f

                                                          SHA512

                                                          b62f6501cb4c992d42d9097e356805c88ac4ac5a46ead4a8eee9f8cbae197b2305da8aab5b4a61891fe73951588025f2d642c32524b360687993f98c913138a0

                                                          Download Submit

                                                        • memory/3028-54-0x0000000000000000-mapping.dmp

                                                          Download

                                                        • memory/3028-56-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

                                                          Filesize

                                                          8KB

                                                          Download