Analysis
- max time kernel: 28s
- max time network: 30s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 27/05/2023, 08:20

Static task: static1

Behavioral task: behavioral1
- Sample: 11.bat
- Resource: win7-20230220-en

Behavioral task: behavioral2
- Sample: 11.bat
- Resource: win10v2004-20230220-en
General
- Target: 11.bat
- Size: 1KB
- MD5: 2bf18395638967388a293626e977ec05
- SHA1: c8534f92211399f890e3757da136c899f14b53b3
- SHA256: b2069732f98d91fc2b2814c687115ab927191a0db26dd21a9ac0f7f79a65672b
- SHA512: 3e2234ba2916935ec9edf6b98d00a012e0d8b754a30350234335f52e0463a44fd11a7642877364f4ce0ca81d3ddf78d899e5d983ffbf6bacc60c065ed36f1f83
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (12 IoCs)

  description                          pid   Process   procid_target
  PID 1108 wrote to memory of 1988     1108  cmd.exe   28
  PID 1108 wrote to memory of 1988     1108  cmd.exe   28
  PID 1108 wrote to memory of 1988     1108  cmd.exe   28
  PID 1108 wrote to memory of 1192     1108  cmd.exe   29
  PID 1108 wrote to memory of 1192     1108  cmd.exe   29
  PID 1108 wrote to memory of 1192     1108  cmd.exe   29
  PID 1108 wrote to memory of 1720     1108  cmd.exe   30
  PID 1108 wrote to memory of 1720     1108  cmd.exe   30
  PID 1108 wrote to memory of 1720     1108  cmd.exe   30
  PID 1108 wrote to memory of 1388     1108  cmd.exe   31
  PID 1108 wrote to memory of 1388     1108  cmd.exe   31
  PID 1108 wrote to memory of 1388     1108  cmd.exe   31
Processes
- C:\Windows\system32\cmd.exe
  cmd /c "C:\Users\Admin\AppData\Local\Temp\11.bat"
  PID: 1108
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\cmd.exe
    cmd.exe /c C:\ProgramData\sett.bat"
    PID: 1988
  - C:\Windows\system32\cmd.exe
    cmd.exe /c C:\ProgramData\7z.bat"
    PID: 1192
  - C:\Windows\system32\cmd.exe
    cmd.exe /c C:\ProgramData\2.bat"
    PID: 1720
  - C:\Windows\system32\cmd.exe
    cmd.exe /c C:\ProgramData\2.bat"
    PID: 1388
Network
MITRE ATT&CK Matrix
Downloads