b37cca20d6e682c7532e663336530274863726f352c54de70adfbe3741f8a226

Analysis

max time kernel
29s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01/04/2023, 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

batch/Clear DNS Cache (Ping Improve).cmd
Size

50B
MD5

b01f41d85d8212a7433f805110837be8
SHA1

22de25f00c21b7d48acd05d00ba014d71bec72b7
SHA256

ceea282669ffa42045c575cb3eaf84ac18265d13d12752222f7f48e25403feda
SHA512

7f42ed88df9ffcec8e053f0ef53264aaca915fcdfe31e2d3eccbf00c99ae0868801b24e1d76c14f4897b447adb58e0002019181759a518419314a75d488929d4

Score

1^/10

Malware Config

Signatures

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command-Line Interface

T1059

pid	Process
1584	ipconfig.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1584	904	cmd.exe	28
PID 904 wrote to memory of 1584	904	cmd.exe	28
PID 904 wrote to memory of 1584	904	cmd.exe	28

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\batch\Clear DNS Cache (Ping Improve).cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:904
- C:\Windows\system32\ipconfig.exe
  ipconfig /flushdns
  2⤵
  - Gathers network information
  PID:1584

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads