Overview

overview

10

Static

static

document01.lnk

windows7-x64

8

document01.lnk

windows10-2004-x64

7

ipchains.dll

windows7-x64

8

ipchains.dll

windows10-2004-x64

10

price.bat

windows7-x64

3

price.bat

windows10-2004-x64

10

Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2023 17:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    price.bat

  • Size

    2KB

  • MD5

    2a677a2e87d30723a7f85db0e68246a0

  • SHA1

    8d6e8fd707166f6989d025b6e47eb32251ddf007

  • SHA256

    b9f0301c363e3e874f0020090db489b4621a7df827aa5202971d789f9762e145

  • SHA512

    fd976416ff65521c01c7c3cb5ccc4a7ce1fe786032868ed58314b5c412fc7dd5f7bd00aaae169adf0a0be0bd6caf6b40aaa91aba6c2945670d4d4e718f0dfe56

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\price.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:968
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K copy /y C:\Windows\System32\rundll32.exe C:\ProgramData\cmVhpKJSis23S.exe
      2⤵
        PID:1620
      • C:\Windows\system32\xcopy.exe
        xcopy /h /y ipchains.dll C:\ProgramData\
        2⤵
          PID:1628

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Privilege Escalation

      Defense Evasion

      Credential Access

      Discovery

      System Information Discovery

      1
      T1082

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/968-56-0x000007FEFBD21000-0x000007FEFBD23000-memory.dmp
        Filesize

        8KB

        Download
      • memory/1620-54-0x0000000000000000-mapping.dmp
        Download
      • memory/1628-55-0x0000000000000000-mapping.dmp
        Download