d261cc4cc40165817ae64ca19140e5c574f36d97c703165256e92e1df02becd0 | Triage

Submit
Reports

Overview

overview

Static

static

7

Executable...ce.url

windows10-2004-x64

1

Executable...rd.url

windows10-2004-x64

1

Executable...on.url

windows10-2004-x64

1

Executable...um.url

windows10-2004-x64

1

Executable...ub.url

windows10-2004-x64

1

Executable...te.url

windows10-2004-x64

1

Executable...e).url

windows10-2004-x64

1

Executable...ub.url

windows10-2004-x64

1

Executable...er.cmd

windows10-2004-x64

Executable...TI.cmd

windows10-2004-x64

1

Executable...vc.cmd

windows10-2004-x64

Executable...ev.cmd

windows10-2004-x64

Executable...er.exe

windows10-2004-x64

3

Executable...ce.exe

windows10-2004-x64

7

Executable...P1.cmd

windows10-2004-x64

1

Executable...P2.cmd

windows10-2004-x64

1

Executable...RS.cmd

windows10-2004-x64

1

Executable...OP.cmd

windows10-2004-x64

1

Executable...NP.ps1

windows10-2004-x64

1

Executables/EDGE.cmd

windows10-2004-x64

1

Executable...ZE.cmd

windows10-2004-x64

6

Executable...PT.ps1

windows10-2004-x64

1

Executables/ONED.cmd

windows10-2004-x64

1

Executables/PFP.cmd

windows10-2004-x64

1

Executables/POWER.cmd

windows10-2004-x64

1

Executable...NU.cmd

windows10-2004-x64

4

Executable...TH.cmd

windows10-2004-x64

1

Executable...ER.cmd

windows10-2004-x64

4

Executable...00.png

windows10-2004-x64

3

Executable...rk.png

windows10-2004-x64

3

Executable...ht.png

windows10-2004-x64

3

playbook.xml

windows10-2004-x64

1

Resubmissions

25/04/2023, 20:18

230425-y3j7yscg23 10

Analysis

max time kernel
504s
max time network
508s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25/04/2023, 20:18

Sharing

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Executables/Atlas/4. Troubleshooting/Visual C++ Redistributables/Visual C++ Redistributables AIO Source.url

Resource

win10v2004-20230221-en

windows10-2004-x64

0 signatures

600 seconds

Behavioral task

behavioral2

Sample

Executables/Atlas/Atlas Discord.url

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

600 seconds

Behavioral task

behavioral3

Sample

Executables/Atlas/Atlas Documentation.url

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

600 seconds

Behavioral task

behavioral4

Sample

Executables/Atlas/Atlas Forum.url

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

600 seconds

Behavioral task

behavioral5

Sample

Executables/Atlas/Atlas GitHub.url

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

600 seconds

Behavioral task

behavioral6

Sample

Executables/Atlas/Atlas Website.url

Resource

win10v2004-20230221-en

windows10-2004-x64

0 signatures

600 seconds

Behavioral task

behavioral7

Sample

Executables/AtlasModules/Acknowledgements/Atlas Utilities (filepicker & multichoice).url

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

600 seconds

Behavioral task

behavioral8

Sample

Executables/AtlasModules/Acknowledgements/setSvc GitHub.url

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

600 seconds

Behavioral task

behavioral9

Sample

Executables/AtlasModules/Scripts/Auto-Cleaner.cmd

Resource

win10v2004-20230220-en

windows10-2004-x64

6 signatures

600 seconds

Behavioral task

behavioral10

Sample

Executables/AtlasModules/Scripts/RunAsTI.cmd

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

600 seconds

Behavioral task

behavioral11

Sample

Executables/AtlasModules/Scripts/setSvc.cmd

Resource

win10v2004-20230220-en

windows10-2004-x64

6 signatures

600 seconds

Behavioral task

behavioral12

Sample

Executables/AtlasModules/Scripts/toggleDev.cmd

Resource

win10v2004-20230220-en

windows10-2004-x64

6 signatures

600 seconds

Behavioral task

behavioral13

Sample

Executables/AtlasModules/Tools/filepicker.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

4 signatures

600 seconds

Behavioral task

behavioral14

Sample

Executables/AtlasModules/Tools/multichoice.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral15

Sample

Executables/BACKUP1.cmd

Resource

win10v2004-20230221-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral16

Sample

Executables/BACKUP2.cmd

Resource

win10v2004-20230220-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral17

Sample

Executables/CONVERTUSERS.cmd

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

600 seconds

Behavioral task

behavioral18

Sample

Executables/COPYDESKTOP.cmd

Resource

win10v2004-20230220-en

windows10-2004-x64

2 signatures

600 seconds

Behavioral task

behavioral19

Sample

Executables/DISABLEPNP.ps1

Resource

win10v2004-20230220-en

windows10-2004-x64

2 signatures

600 seconds

Behavioral task

behavioral20

Sample

Executables/EDGE.cmd

Resource

win10v2004-20230221-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral21

Sample

Executables/FINALIZE.cmd

Resource

win10v2004-20230220-en

windows10-2004-x64

8 signatures

600 seconds

Behavioral task

behavioral22

Sample

Executables/MITIGATIONPROMPT.ps1

Resource

win10v2004-20230221-en

windows10-2004-x64

2 signatures

600 seconds

Behavioral task

behavioral23

Sample

Executables/ONED.cmd

Resource

win10v2004-20230221-en

windows10-2004-x64

4 signatures

600 seconds

Behavioral task

behavioral24

Sample

Executables/PFP.cmd

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

600 seconds

Behavioral task

behavioral25

Sample

Executables/POWER.cmd

Resource

win10v2004-20230220-en

windows10-2004-x64

4 signatures

600 seconds

Behavioral task

behavioral26

Sample

Executables/STARTMENU.cmd

Resource

win10v2004-20230220-en

windows10-2004-x64

7 signatures

600 seconds

Behavioral task

behavioral27

Sample

Executables/UPDHEALTH.cmd

Resource

win10v2004-20230220-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral28

Sample

Executables/WALLPAPER.cmd

Resource

win10v2004-20230220-en

windows10-2004-x64

4 signatures

600 seconds

Behavioral task

behavioral29

Sample

Executables/Web/Screen/img100.png

Resource

win10v2004-20230220-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral30

Sample

Executables/Web/Wallpaper/Windows/atlas-dark.png

Resource

win10v2004-20230220-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral31

Sample

Executables/Web/Wallpaper/Windows/atlas-light.png

Resource

win10v2004-20230220-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral32

Sample

playbook.xml

Resource

win10v2004-20230220-en

windows10-2004-x64

5 signatures

600 seconds

Report Analysis Logs

General

Target

Executables/Web/Wallpaper/Windows/atlas-light.png
Size

12KB
MD5

8e1fce7ff8e19657080e4e3444f5998c
SHA1

870e2751d32bed5fd8c329ced9a0c2cc9d12a6bf
SHA256

03fb04e7069a2bf89a5e8a0278344df3f02f1f96ff4d347d810b2940bac9a152
SHA512

7be971303211af87088235c7cc66107905cc6436c039e01413d5368e667c04ed3956448ed4a31677e3ad517cae1e9b9d068201653b4643993b3b295d4b999356
SSDEEP

48:9/6x0aA5DzE9/KDJLxn1AS4Zyey0D/hHZygbsxNWSkFOmUGa/P1RTcPpENv3KD0h:9Sx0a0/D/1j4cey0bba3ezkPnQQ3KYh

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Processes

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Executables\Web\Wallpaper\Windows\atlas-light.png
1⤵
PID:1416

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy