Task | Platform | Score
Overview | overview | 8
Static | static | 1
disclaimer.bat | windows7-x64 | 1
disclaimer.bat | windows10-2004-x64 | 1
install req.bat | windows7-x64 | 1
install req.bat | windows10-2004-x64 | 1
main.py | windows7-x64 | 3
main.py | windows10-2004-x64 | 3
setup.bat | windows7-x64 | 1
setup.bat | windows10-2004-x64 | 1
start.bat | windows7-x64 | 1
start.bat | windows10-2004-x64 | 1
web/gui.html | windows7-x64 | 1
web/gui.html | windows10-2004-x64 | 8
web/index.js | windows7-x64 | 1
web/index.js | windows10-2004-x64 | 1

Analysis
- max time kernel: 28s
- max time network: 31s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 31-03-2023 20:10

Static task: static1

Behavioral task | Sample | Resource
behavioral1 | disclaimer.bat | win7-20230220-en
behavioral2 | disclaimer.bat | win10v2004-20230220-en
behavioral3 | install req.bat | win7-20230220-en
behavioral4 | install req.bat | win10v2004-20230220-en
behavioral5 | main.py | win7-20230220-en
behavioral6 | main.py | win10v2004-20230220-en
behavioral7 | setup.bat | win7-20230220-en
behavioral8 | setup.bat | win10v2004-20230221-en
behavioral9 | start.bat | win7-20230220-en
behavioral10 | start.bat | win10v2004-20230220-en
behavioral11 | web/gui.html | win7-20230220-en
behavioral12 | web/gui.html | win10v2004-20230220-en
behavioral13 | web/index.js | win7-20230220-en
behavioral14 | web/index.js | win10v2004-20230220-en

General
- Target: disclaimer.bat
- Size: 1KB
- MD5: 850a38428a7ca32521ada820e387b56f
- SHA1: f7486042163e0b9af6c98039252ed56d76a520c9
- SHA256: 1f35ae3a5153871955da8fd1941c9755ff4ba37c2c9b92787a75e81098d08f27
- SHA512: d82935da66287a3ae031be07958cfbd07a6bddf6c13204165542c1325e0436a5b9a58dc2e90ef7433134d51f638a2ec485655fe3acafa2bb8df944e2c5eb8dfc

Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: cmd.exe
  description | pid | process | target process
  PID 1596 wrote to memory of 796 | 1596 | cmd.exe | cmd.exe
  PID 1596 wrote to memory of 796 | 1596 | cmd.exe | cmd.exe
  PID 1596 wrote to memory of 796 | 1596 | cmd.exe | cmd.exe