Overview

overview

10

Static

static

1

ESPOTIFY S...17.exe

windows7-x64

10

ESPOTIFY S...17.exe

windows10-2004-x64

7

ESPOTIFY S...ll.bat

windows7-x64

1

ESPOTIFY S...ll.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    25s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    27-03-2023 12:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ESPOTIFY SIN PUBLICIDAD/install.bat

  • Size

    4KB

  • MD5

    1e2f0cee168e9efbf71954a91c155356

  • SHA1

    1da5b5d28d83b51ee58895b48488a22d1dc49897

  • SHA256

    4cd8cc1a84521644561b76338aabcf7c1d7681564b0415b0a548b6a8e9700a73

  • SHA512

    593cbc366c79e7f2b0dda7260363305e9cd112f665a7375998b34f9a8792f9fb2313e36b17b587010f7d29b24221da756dee1a84f65628e69037a40952d52c64

  • SSDEEP

    96:qGQ9HHSDNcCMOQMYAMlVu7YOnMkycpy1Xq0RHqs0V:qGQ9nRY3YHXuMOMkycpy1XBqs0V

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\ESPOTIFY SIN PUBLICIDAD\install.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Windows\system32\findstr.exe
      findstr /v "^;;;===,,," "C:\Users\Admin\AppData\Local\Temp\ESPOTIFY SIN PUBLICIDAD\install.bat"
      2⤵
        PID:1196
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        PowerShell.exe -ExecutionPolicy Bypass -Command "& 'C:\Users\Admin\AppData\Local\Temp\ESPOTIFY SIN PUBLICIDAD\ps.ps1'"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1296

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\ESPOTIFY SIN PUBLICIDAD\ps.ps1
      Filesize

      4KB

      MD5

      4d70184c5dadd0bb980a13aedab4988b

      SHA1

      a8e17c70cba0911ca56b8f75f568082eb2849f9b

      SHA256

      259ec34b25f4aa29f33322702b3d3a678b7f1109f03ba3b04e973d0c3092a49a

      SHA512

      4475a858928fecbce18dbeb5463222020ab0848109e29afad9e0c72beb41941a9b60f1d8fdda073cd945846e0530ee9006c927bcd7af1e9d96828f18887f315f

      Download Submit
    • memory/1296-59-0x000000001B260000-0x000000001B542000-memory.dmp
      Filesize

      2.9MB

      Download
    • memory/1296-60-0x0000000002360000-0x0000000002368000-memory.dmp
      Filesize

      32KB

      Download
    • memory/1296-61-0x0000000002840000-0x00000000028C0000-memory.dmp
      Filesize

      512KB

      Download
    • memory/1296-62-0x0000000002840000-0x00000000028C0000-memory.dmp
      Filesize

      512KB

      Download
    • memory/1296-63-0x0000000002840000-0x00000000028C0000-memory.dmp
      Filesize

      512KB

      Download
    • memory/1296-65-0x000000000284B000-0x0000000002882000-memory.dmp
      Filesize

      220KB

      Download