Overview

overview

1

Static

static

1

VS.bat

windows7-x64

1

VS.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    09-03-2023 14:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VS.bat

  • Size

    2KB

  • MD5

    0466123099d2b9012a530e50559e7944

  • SHA1

    1ab78c20ef8ad5c1a26bd2be3514e5ca607c9efe

  • SHA256

    76ab0e05ba20883efc507e3aa6c4eac185b33616ba95ae30115db9b59fe54b62

  • SHA512

    7ac61033281ef5bef5b16443a206924f3996679db53dda8ba65cb28acf62420b8b83ed1398a43db2267fe9547640d2b8f4e871ee4f4f83146bb14e1de517d40c

Score
1/10

Malware Config

Signatures

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\VS.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c REG QUERY "HKCU\SOFTWARE\DownloadManager" /v "VScannerProgram" 2>NUL
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1920
      • C:\Windows\system32\reg.exe
        REG QUERY "HKCU\SOFTWARE\DownloadManager" /v "VScannerProgram"
        3⤵
          PID:1928
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c REG QUERY "HKCU\Software\VScan" /v "LastTimeOfStart" 2>NUL
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1324
        • C:\Windows\system32\reg.exe
          REG QUERY "HKCU\Software\VScan" /v "LastTimeOfStart"
          3⤵
            PID:1968
        • C:\Windows\system32\reg.exe
          REG ADD "HKCU\Software\VScan" /v "LastTimeOfStart" /t REG_SZ /d 1 /f
          2⤵
            PID:1976
          • C:\Windows\system32\timeout.exe
            TIMEOUT /T 300
            2⤵
            • Delays execution with timeout.exe
            PID:1868

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads