Overview

overview

4

Static

static

1

12.bat

windows7-x64

3

12.bat

windows10-2004-x64

4

Analysis

  • max time kernel
    1784s
  • max time network
    1627s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    20-05-2023 17:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    12.bat

  • Size

    49B

  • MD5

    354ee47d9b7f0877aaecd8db36e01468

  • SHA1

    9bd07f39a7b4980f4565c6a3a47f15d783707df0

  • SHA256

    6ae2b903b9e73ecac6542c15a01cfa044c06ff575b8f86e44e03140a35bea87f

  • SHA512

    20735574ef7634039d9de979e088193eb63d0682c602d2ecaa0296b72e5636de41b53a802d6ce205fc7334c7716c4add716de87205500c0384a55a5265a653f7

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\12.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Xhackerprog/XWorm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:556
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:556 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:904

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
    Filesize

    471B

    MD5

    515712ce84228f7308ce2b10c64c1eb5

    SHA1

    93f0cd800e7e5c74d9de433f01e0b6e35c867400

    SHA256

    984f09601d96d610bbba59f0e13e63dc83f6a76c3a2e971ed526f45c313d8217

    SHA512

    ea7b9102c04fbb716166f757ee7c6d9b1b37d0eb19967b1f7f10805f622f5fa149b5fdaeb6bc1523ec8089048bfc6636597949a8f3c48c8a96c3f79b2d91caf2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b61ae01b7ff74edf7098714b1641e969

    SHA1

    ee3862aae78dffd1b324e937f8607df41eee3a5a

    SHA256

    05f55d87abe8a7d4c43890642aa0649456bd85ff0ef4d2ab60fd62fa7d62b2ce

    SHA512

    7661d9c66a341dc29e22daed820078a41545209a5cacbfcf9174dd81ccca70f0686544097651c1bba7a491317517d0c57e9dca3eafed5c43ea9399d9c5116ffc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ac225972c8278f693eccaab58f499ded

    SHA1

    846b5c919caa57d39f46b5b223ed7edcd9a916ea

    SHA256

    955c0377522f2a4d86556159c9d0d25882f7e5205a4af11370e0ac0997a7be4a

    SHA512

    271d9e74991c677a98fcb667c763fc2199037c7f4d0335e742199ba60e2505dcd39db1c71da2568d79284f86d4a1b74b8de03ab22c03a903b3c53857272a9067

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c3974c69bfbc7577062fe9d0b64691a3

    SHA1

    77781a28842adcc0efe17badeafe3956d00f3949

    SHA256

    3c8544547b80a0f8405942d4e66887c1063a93470f1724dd005c8b0831a04279

    SHA512

    2409ca42792bc158869241c4caf9b45d60f0f4162cc8d6ed33f75f899cc5674990c8caa7d81c169886f8404f8ce541b72561d0a0d1551512b8ab76efb26d1459

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5d1bf08e757e0ff0e67ac34e10d69c57

    SHA1

    711d1025468cb618c6004b513ce6da2afab30770

    SHA256

    0ae6bc0a449bf0fe0315504f69f788df4412724e534cb696be5c8e035a0a65c8

    SHA512

    ad8201f68f01758c26975c06afbf08daeb88aab4bbdeb08a6b35f2e4a68c25ced3dca547aca4becbb338197d70e7d0e068ee36cf6d38f088c4cb37a6fcc72001

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a0ab8d3e0062865d59e7039e68ff464f

    SHA1

    e547c7c100bfec8d41ce2e11dbaf51f37f96ede7

    SHA256

    2c9fd2ff8a68913af49aaad56295b35efad628a1ccad45f74346c594dda351ec

    SHA512

    2a72b79d3a5af5add09709e7d94b61e62833841850dc943a0684101db2abf713a75db3cf46891079fd2cd33e7922f627b86e84637b483d645a23fc2dc7dd5b90

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7e51be0b8374873f99b230d4c9c052a4

    SHA1

    75a4b2ed7445d069aa3e1172ffc8fbe2fa0b3872

    SHA256

    0ba607b9bdf79a6c246ad2a2994106ce4a8974378a693178e4f58e7aa88f7052

    SHA512

    287302f7dcf1120508cfbf24699ac17ff2ad8da9b9b0e044a5a3b669b132c0ea4d9513be5f99a53cceb2eaadc8b63b55661e7016164b9a59b52727a4de08bc8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b4782c1770b9da33219065cdd58ea0bb

    SHA1

    878ea69512be8a582fea44c7d2c146a0c66cb90a

    SHA256

    2d1576cac1428964140b2bcad1902bd88d3361b6afe637868c239cccc266f032

    SHA512

    471100dfe7a5e974121daa5af116d8186aef3601ddf795e3cc2a6b4900da4070d154d2f556e3b529062c2dd922c6d519b1157da313e92f8fdd746fa08eec2971

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4a67ae2d811ec848ef7951dff05839b0

    SHA1

    6fbed86e18fb5048cbaeefef5ca289d3d4b531a1

    SHA256

    50ca8750f4efde40ef6446915bc85325b7a955b22357478d18f7513f59d28695

    SHA512

    fbad7a24cc1f434482680ed2842e644ec1c48a9359962b45e42fe99fc95ed9c7f8ff1e84a5851c79b946db3725d76c46109e2e6feb09438d9c091464eba3a417

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e1af6b0286e4f19c118eafcddf650fe4

    SHA1

    d61efaab2f2449d5ba8a600241bd10c924fb83f4

    SHA256

    15565cff262e13063e779fac8865e3a721ef4897c995815e22574b35bfa69539

    SHA512

    7ec4aa23b6eaef52d6407ccb45d9e31b30ef2babff56eaeea92db85410453ea8672330330422ce701c279e94404d377ee7f6963d85c2a76a8bd9910dcb840bbb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    561a37f6bdbea9fbbc94a088b79daa21

    SHA1

    5748f2eda562be11b680c87902d8dd24e9424e09

    SHA256

    d61a0a49800e57df44982647257832babbf8d18d1475b56bae5f48dae6b7f52b

    SHA512

    fb6f93f9a78ead336dcf31cf33e7f2b0576630c944aae1b57df81678d302596af8019c21da1a5b4ade50c3dd0b4267c9494e4193624258eba504dc4d180590c9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D33E1QE\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9BC7.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9BD7.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9EDA.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\R4EYZS90.txt
    Filesize

    605B

    MD5

    d82b229ee1a2c2f1519a15db7bb531b7

    SHA1

    a2a202087d9914098c99adfb4e2819c637f69039

    SHA256

    14ed5c6741c9e85629a37ca01219cfe02a42b6c4755f597e284b438173d7ed3c

    SHA512

    fc31f35ba5e0810c7f45d5dbced41ea7c3beba0aa44e1aabdce3496025021d9f308c08abb5dd294ef7f38fd9ace735dbac0f1c43d5ffa6b36dbd6f654cec7588

    Download Submit