Overview

overview

8

Static

static

1

disclaimer.bat

windows7-x64

1

disclaimer.bat

windows10-2004-x64

1

install req.bat

windows7-x64

1

install req.bat

windows10-2004-x64

1

main.py

windows7-x64

3

main.py

windows10-2004-x64

3

setup.bat

windows7-x64

1

setup.bat

windows10-2004-x64

1

start.bat

windows7-x64

1

start.bat

windows10-2004-x64

1

web/gui.html

windows7-x64

1

web/gui.html

windows10-2004-x64

8

web/index.js

windows7-x64

1

web/index.js

windows10-2004-x64

1

Analysis

  • max time kernel
    28s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    31-03-2023 20:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    disclaimer.bat

  • Size

    1KB

  • MD5

    850a38428a7ca32521ada820e387b56f

  • SHA1

    f7486042163e0b9af6c98039252ed56d76a520c9

  • SHA256

    1f35ae3a5153871955da8fd1941c9755ff4ba37c2c9b92787a75e81098d08f27

  • SHA512

    d82935da66287a3ae031be07958cfbd07a6bddf6c13204165542c1325e0436a5b9a58dc2e90ef7433134d51f638a2ec485655fe3acafa2bb8df944e2c5eb8dfc

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\disclaimer.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1596
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "prompt #$H#$E# & echo on & for %b in (1) do rem"
      2⤵
        PID:796

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads