Overview

overview

1

Static

static

1

install.bat

windows7-x64

1

install.bat

windows10-2004-x64

1

Resubmissions

07/02/2023, 18:14

230207-wvj6wada98 1

Analysis

  • max time kernel
    82s
  • max time network
    86s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/02/2023, 18:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    install.bat

  • Size

    4KB

  • MD5

    1e2f0cee168e9efbf71954a91c155356

  • SHA1

    1da5b5d28d83b51ee58895b48488a22d1dc49897

  • SHA256

    4cd8cc1a84521644561b76338aabcf7c1d7681564b0415b0a548b6a8e9700a73

  • SHA512

    593cbc366c79e7f2b0dda7260363305e9cd112f665a7375998b34f9a8792f9fb2313e36b17b587010f7d29b24221da756dee1a84f65628e69037a40952d52c64

  • SSDEEP

    96:qGQ9HHSDNcCMOQMYAMlVu7YOnMkycpy1Xq0RHqs0V:qGQ9nRY3YHXuMOMkycpy1XBqs0V

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\install.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Windows\system32\findstr.exe
      findstr /v "^;;;===,,," "C:\Users\Admin\AppData\Local\Temp\install.bat"
      2⤵
        PID:4496
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        PowerShell.exe -ExecutionPolicy Bypass -Command "& 'C:\Users\Admin\AppData\Local\Temp\ps.ps1'"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2436
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4028

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\ps.ps1
        Filesize

        4KB

        MD5

        4d70184c5dadd0bb980a13aedab4988b

        SHA1

        a8e17c70cba0911ca56b8f75f568082eb2849f9b

        SHA256

        259ec34b25f4aa29f33322702b3d3a678b7f1109f03ba3b04e973d0c3092a49a

        SHA512

        4475a858928fecbce18dbeb5463222020ab0848109e29afad9e0c72beb41941a9b60f1d8fdda073cd945846e0530ee9006c927bcd7af1e9d96828f18887f315f

        Download Submit

      • memory/2436-134-0x00000265F77B0000-0x00000265F77D2000-memory.dmp

        Filesize

        136KB

        Download

      • memory/2436-136-0x00000265F7A20000-0x00000265F7A36000-memory.dmp

        Filesize

        88KB

        Download

      • memory/2436-137-0x00000265F7A10000-0x00000265F7A1A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2436-138-0x00000265F7C00000-0x00000265F7C26000-memory.dmp

        Filesize

        152KB

        Download

      • memory/2436-139-0x00007FFA4A0B0000-0x00007FFA4AB71000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/2436-140-0x00007FFA4A0B0000-0x00007FFA4AB71000-memory.dmp

        Filesize

        10.8MB

        Download