Overview

overview

10

Static

static

1

Install_Auto.bat

windows7-x64

1

Install_Auto.bat

windows10-2004-x64

10

Analysis

  • max time kernel
    27s
  • max time network
    29s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    19-03-2023 00:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Install_Auto.bat

  • Size

    492B

  • MD5

    e811b616f7c5dcbbd9d48d91c605a11e

  • SHA1

    9a4b0fe213a789b54f559bd0dda3649738f72716

  • SHA256

    7d4f17d9c4809e6a6874e11c484f6c6b3b966dd5a33f9f09d9d3a3d600b4e355

  • SHA512

    57f9c415fe3f3cf35075c3c768175258719a2ea4345391c30a35bbc088fa856494079bf8cbaeea18f93f0b8ee39e7f4da4d68e59540a3d5e9e98f024181addc3

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Install_Auto.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command "&{[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12}; """"& { $((Invoke-WebRequest -UseBasicParsing 'https://raw.githubusercontent.com/amd64fox/SpotX/main/Install.ps1').Content)} -confirm_uninstall_ms_spoti -confirm_spoti_recomended_over -podcasts_off -cache_off -block_update_on -start_spoti -new_theme -adsections_off -lyrics_stat spotify """" | Invoke-Expression"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1584-58-0x000000001B300000-0x000000001B5E2000-memory.dmp
    Filesize

    2.9MB

    Download
  • memory/1584-59-0x0000000001FD0000-0x0000000001FD8000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1584-61-0x0000000002890000-0x0000000002910000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1584-60-0x0000000002890000-0x0000000002910000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1584-62-0x0000000002890000-0x0000000002910000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1584-63-0x000000000289B000-0x00000000028D2000-memory.dmp
    Filesize

    220KB

    Download