Overview

overview

10

Static

static

1

ESPOTIFY S...17.exe

windows7-x64

10

ESPOTIFY S...17.exe

windows10-2004-x64

7

ESPOTIFY S...ll.bat

windows7-x64

1

ESPOTIFY S...ll.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-03-2023 12:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ESPOTIFY SIN PUBLICIDAD/install.bat

  • Size

    4KB

  • MD5

    1e2f0cee168e9efbf71954a91c155356

  • SHA1

    1da5b5d28d83b51ee58895b48488a22d1dc49897

  • SHA256

    4cd8cc1a84521644561b76338aabcf7c1d7681564b0415b0a548b6a8e9700a73

  • SHA512

    593cbc366c79e7f2b0dda7260363305e9cd112f665a7375998b34f9a8792f9fb2313e36b17b587010f7d29b24221da756dee1a84f65628e69037a40952d52c64

  • SSDEEP

    96:qGQ9HHSDNcCMOQMYAMlVu7YOnMkycpy1Xq0RHqs0V:qGQ9nRY3YHXuMOMkycpy1XBqs0V

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ESPOTIFY SIN PUBLICIDAD\install.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4644
    • C:\Windows\system32\findstr.exe
      findstr /v "^;;;===,,," "C:\Users\Admin\AppData\Local\Temp\ESPOTIFY SIN PUBLICIDAD\install.bat"
      2⤵
        PID:4660
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        PowerShell.exe -ExecutionPolicy Bypass -Command "& 'C:\Users\Admin\AppData\Local\Temp\ESPOTIFY SIN PUBLICIDAD\ps.ps1'"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3344

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\ESPOTIFY SIN PUBLICIDAD\ps.ps1
      Filesize

      4KB

      MD5

      4d70184c5dadd0bb980a13aedab4988b

      SHA1

      a8e17c70cba0911ca56b8f75f568082eb2849f9b

      SHA256

      259ec34b25f4aa29f33322702b3d3a678b7f1109f03ba3b04e973d0c3092a49a

      SHA512

      4475a858928fecbce18dbeb5463222020ab0848109e29afad9e0c72beb41941a9b60f1d8fdda073cd945846e0530ee9006c927bcd7af1e9d96828f18887f315f

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_auj25aoh.rvg.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit
    • memory/3344-134-0x0000020BE94B0000-0x0000020BE94D2000-memory.dmp
      Filesize

      136KB

      Download
    • memory/3344-135-0x0000020BE9A10000-0x0000020BE9A20000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3344-145-0x0000020BE9A10000-0x0000020BE9A20000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3344-147-0x0000020BE99A0000-0x0000020BE99B6000-memory.dmp
      Filesize

      88KB

      Download
    • memory/3344-148-0x0000020BE9990000-0x0000020BE999A000-memory.dmp
      Filesize

      40KB

      Download
    • memory/3344-149-0x0000020BEC9B0000-0x0000020BEC9D6000-memory.dmp
      Filesize

      152KB

      Download
    • memory/3344-150-0x0000020BE9A10000-0x0000020BE9A20000-memory.dmp
      Filesize

      64KB

      Download