4229afa268b34bb27263cd6bbdf1fec8896acf8c817e9b163710c9fdeddbea50

Analysis

max time kernel
11s
max time network
18s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
31/03/2023, 21:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Junkan.bat
Size

57B
MD5

e0e99ce0f3ca3fbd6d48d78b34800d59
SHA1

4451135f4a1949993333a3b6f442c7eecd62eb2f
SHA256

4229afa268b34bb27263cd6bbdf1fec8896acf8c817e9b163710c9fdeddbea50
SHA512

748d0e400ae87076447fa71fae8681dd8061a8c56c5ae0131df46b49eb65c70dce2de6c6c1e7f53cc8aa4074be2ea8951ca7885951acbf6e9fee41796e8a2b1e

Score

1^/10

Malware Config

Signatures

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	explorer.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 3944 wrote to memory of 3868	3944	cmd.exe	67
PID 3944 wrote to memory of 3868	3944	cmd.exe	67
PID 3944 wrote to memory of 4552	3944	cmd.exe	68
PID 3944 wrote to memory of 4552	3944	cmd.exe	68
PID 3944 wrote to memory of 4756	3944	cmd.exe	69
PID 3944 wrote to memory of 4756	3944	cmd.exe	69
PID 3944 wrote to memory of 3088	3944	cmd.exe	70
PID 3944 wrote to memory of 3088	3944	cmd.exe	70
PID 3944 wrote to memory of 2284	3944	cmd.exe	72
PID 3944 wrote to memory of 2284	3944	cmd.exe	72
PID 3944 wrote to memory of 2092	3944	cmd.exe	73
PID 3944 wrote to memory of 2092	3944	cmd.exe	73
PID 3944 wrote to memory of 4364	3944	cmd.exe	74
PID 3944 wrote to memory of 4364	3944	cmd.exe	74

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Junkan.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3944
- C:\Windows\explorer.exe
  Explorer
  2⤵
  - Modifies registry class
  PID:3868
- C:\Windows\explorer.exe
  Explorer
  2⤵
  - Modifies registry class
  PID:4552
- C:\Windows\explorer.exe
  Explorer
  2⤵
  - Modifies registry class
  PID:4756
- C:\Windows\explorer.exe
  Explorer
  2⤵
  - Modifies registry class
  PID:3088
- C:\Windows\explorer.exe
  Explorer
  2⤵
  - Modifies registry class
  PID:2284
- C:\Windows\explorer.exe
  Explorer
  2⤵
  - Modifies registry class
  PID:2092
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:4364
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:4396
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:4324
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:4160
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:2992
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:3376
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:4880
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:2100
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:4264
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:5116
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:5056
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:1020
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:588
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:916
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:1224
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:1988
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:2388
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:3384
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:3356
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:216
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:2116
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:1568
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:2524
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:1640
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:4448
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:4740
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:3104
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:2816
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:4464
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:4340
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:1740
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:4844
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:1676
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:4232
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:5108
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:1020
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:1792
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:1188
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:1988
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:4864
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:1660
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:4060
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:4176
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:3868
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:4740
- C:\Windows\explorer.exe
  Explorer
  2⤵
  PID:3784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin

Filesize
403KB

MD5
b4d3016a1cccde90a62b685149c832f9

SHA1
5d6c4ba3474e6544bd24343da564e90bba89f6f7

SHA256
df6afa046a72bb55e8984cf9e2870dc62112e4b81d4fef5a94c98e1c4386e373

SHA512
abf5e15b40fa03eb9390854199b9feaf0132aac756c5f07d45c81f58c8b4d909833a996a19ccfef7abb905ddb9206591b1eda49a4674bc75a7c5a9c6372590e7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads