29415d32850d821d9854bfd6edabee920052e0920e6eceec187ea57b8a3c707e | Triage

Submit
Reports

Overview

overview

8

Static

static

1

ADZP 20 Complex.bat

windows7-x64

5

ADZP 20 Complex.bat

windows10-2004-x64

8

Sharing

General

Target

ADZP 20 Complex.bat
Size

17KB
Sample

230507-2zpj2sgb48
MD5

591700c81fbd38cf8c83092030536c14
SHA1

a122ca4b91ec2275400e10f21093c43186391c97
SHA256

29415d32850d821d9854bfd6edabee920052e0920e6eceec187ea57b8a3c707e
SHA512

ae3e1ffef5a82016f13fe728a8a3f2696ed55cdd9ea60d6e75352d55f95fe71cb09bad02945601d4661818473882cc4fae4493d9125e3803054e69c861a97758
SSDEEP

192:Un0iMJWap3ahz9j3E301VaYYATCdhSouXKN:ZJWo3yzHVbYMW

Score

8^/10

discovery evasion exploit spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ADZP 20 Complex.bat

Resource

win7-20230220-en

windows7-x64

3 signatures

1200 seconds

Behavioral task

behavioral2

Sample

ADZP 20 Complex.bat

Resource

win10v2004-20230221-en

discovery evasion exploit spyware stealer

windows10-2004-x64

22 signatures

1200 seconds

Malware Config

Targets

- Target
  
  ADZP 20 Complex.bat
- Size
  
  17KB
- MD5
  
  591700c81fbd38cf8c83092030536c14
- SHA1
  
  a122ca4b91ec2275400e10f21093c43186391c97
- SHA256
  
  29415d32850d821d9854bfd6edabee920052e0920e6eceec187ea57b8a3c707e
- SHA512
  
  ae3e1ffef5a82016f13fe728a8a3f2696ed55cdd9ea60d6e75352d55f95fe71cb09bad02945601d4661818473882cc4fae4493d9125e3803054e69c861a97758
- SSDEEP
  
  192:Un0iMJWap3ahz9j3E301VaYYATCdhSouXKN:ZJWo3yzHVbYMW
Score

8^/10

discovery evasion exploit spyware stealer
- Modifies Windows Firewall
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Command-Line Interface

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Hidden Files and Directories

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasionexploitspywarestealer

© 2018-2025

Terms | Privacy