Overview

overview

1

Static

static

1

filesreader.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    1406s
  • max time network
    1231s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/03/2023, 16:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    filesreader.bat

  • Size

    380B

  • MD5

    bd6ca838d203b7090e89d139c00a0635

  • SHA1

    d05182335a207980d50ad52bfdcdacdab6a09550

  • SHA256

    d728730289892745d8ee4cedee36ca65e5338951cd34b89ce41acfadbcc30aff

  • SHA512

    ab2f908ed0019576af2f94d86a3ea77bc0cd91d2e9839fc556f895bd7e4e7611eb27364e7d335e44ed6724eb7f2aab6ec026054e9033ed583c7df95803e8eade

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\filesreader.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1076
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -window minimized -command ""
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2160
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c dir /s /b /a-d
      2⤵
        PID:4952

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tizwhmey.bj3.ps1
            Filesize

            60B

            MD5

            d17fe0a3f47be24a6453e9ef58c94641

            SHA1

            6ab83620379fc69f80c0242105ddffd7d98d5d9d

            SHA256

            96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

            SHA512

            5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\filesread.txt
            Filesize

            1KB

            MD5

            9887619c108661451f126c24a8521e8b

            SHA1

            3c304c689f28f9f24307c65f45b047b889118245

            SHA256

            357e687399587a148054a5d86fc3c089a0940938c6af8cf0d9fabddcd64c728c

            SHA512

            274a64ae61b1413993187cf6c3f11b20c058f7eb6a8ec1a1b3a97d3489903201585422ef63ae8b98e17610287a7196487c8d4219ee5e5371b2f465db2c13fd87

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\filesread.txt
            Filesize

            4KB

            MD5

            db697e19fd9642a444c67ae9ac190192

            SHA1

            d1c890d81937d5633e716ebae638863ae4e91765

            SHA256

            e8ef152ca93d35ca0e4331e701f142e3dbd2d3c756ee73d0f16f119bd4682c40

            SHA512

            c7efb18125cd9771cb5af61c61df604de2daf0892e6dca00038bdc5c2bc736b1f0fbf082d8b7eee5b96a1a48f26d2c76e5df9f8327b6d38ccc99386626119c45

            Download Submit

          • memory/2160-138-0x00000230F0370000-0x00000230F0392000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2160-145-0x00000230EF5B0000-0x00000230EF5C0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2160-3727-0x00000230EF5B0000-0x00000230EF5C0000-memory.dmp

            Filesize

            64KB

            Download