67597b2f06c2fef4c71c99a3932139cc18a443efccea433255746283e3cc5a45

Resubmissions

01/06/2023, 10:29

230601-mjktladg55 1

01/06/2023, 10:28

230601-mh61fadg52 1

01/06/2023, 10:27

230601-mhek7aeb9z 1

Analysis

max time kernel
0s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01/06/2023, 10:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

morsáč.bat
Size

1KB
MD5

4c1d9925cce58ee333d062a3b51e010a
SHA1

9073d20384407b99a6a7447613392760c4b0814b
SHA256

67597b2f06c2fef4c71c99a3932139cc18a443efccea433255746283e3cc5a45
SHA512

e02599d02c879d15bf04fcb20560b2e99ff58b1c0e7be43e81ffcb3ab2f851a396778012c4b22a4bbb6911cfb91e2b965cb5714550f539017ddf6c319f638950

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 54 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 1680	1720	cmd.exe	29
PID 1720 wrote to memory of 1680	1720	cmd.exe	29
PID 1720 wrote to memory of 1680	1720	cmd.exe	29
PID 1680 wrote to memory of 1632	1680	cmd.exe	30
PID 1680 wrote to memory of 1632	1680	cmd.exe	30
PID 1680 wrote to memory of 1632	1680	cmd.exe	30
PID 1720 wrote to memory of 1764	1720	cmd.exe	31
PID 1720 wrote to memory of 1764	1720	cmd.exe	31
PID 1720 wrote to memory of 1764	1720	cmd.exe	31
PID 1764 wrote to memory of 1564	1764	cmd.exe	32
PID 1764 wrote to memory of 1564	1764	cmd.exe	32
PID 1764 wrote to memory of 1564	1764	cmd.exe	32
PID 1720 wrote to memory of 1512	1720	cmd.exe	33
PID 1720 wrote to memory of 1512	1720	cmd.exe	33
PID 1720 wrote to memory of 1512	1720	cmd.exe	33
PID 1512 wrote to memory of 1208	1512	cmd.exe	34
PID 1512 wrote to memory of 1208	1512	cmd.exe	34
PID 1512 wrote to memory of 1208	1512	cmd.exe	34
PID 1720 wrote to memory of 1308	1720	cmd.exe	35
PID 1720 wrote to memory of 1308	1720	cmd.exe	35
PID 1720 wrote to memory of 1308	1720	cmd.exe	35
PID 1308 wrote to memory of 436	1308	cmd.exe	36
PID 1308 wrote to memory of 436	1308	cmd.exe	36
PID 1308 wrote to memory of 436	1308	cmd.exe	36
PID 1720 wrote to memory of 560	1720	cmd.exe	37
PID 1720 wrote to memory of 560	1720	cmd.exe	37
PID 1720 wrote to memory of 560	1720	cmd.exe	37
PID 560 wrote to memory of 672	560	cmd.exe	38
PID 560 wrote to memory of 672	560	cmd.exe	38
PID 560 wrote to memory of 672	560	cmd.exe	38
PID 1720 wrote to memory of 1000	1720	cmd.exe	39
PID 1720 wrote to memory of 1000	1720	cmd.exe	39
PID 1720 wrote to memory of 1000	1720	cmd.exe	39
PID 1000 wrote to memory of 776	1000	cmd.exe	40
PID 1000 wrote to memory of 776	1000	cmd.exe	40
PID 1000 wrote to memory of 776	1000	cmd.exe	40
PID 1720 wrote to memory of 1168	1720	cmd.exe	41
PID 1720 wrote to memory of 1168	1720	cmd.exe	41
PID 1720 wrote to memory of 1168	1720	cmd.exe	41
PID 1168 wrote to memory of 332	1168	cmd.exe	42
PID 1168 wrote to memory of 332	1168	cmd.exe	42
PID 1168 wrote to memory of 332	1168	cmd.exe	42
PID 1720 wrote to memory of 588	1720	cmd.exe	43
PID 1720 wrote to memory of 588	1720	cmd.exe	43
PID 1720 wrote to memory of 588	1720	cmd.exe	43
PID 588 wrote to memory of 696	588	cmd.exe	44
PID 588 wrote to memory of 696	588	cmd.exe	44
PID 588 wrote to memory of 696	588	cmd.exe	44
PID 1720 wrote to memory of 1272	1720	cmd.exe	45
PID 1720 wrote to memory of 1272	1720	cmd.exe	45
PID 1720 wrote to memory of 1272	1720	cmd.exe	45
PID 1272 wrote to memory of 524	1272	cmd.exe	46
PID 1272 wrote to memory of 524	1272	cmd.exe	46
PID 1272 wrote to memory of 524	1272	cmd.exe	46

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c findstr /b /c:". " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1680
- - C:\Windows\system32\findstr.exe
    findstr /b /c:". " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
    3⤵
    PID:1632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c findstr /b /c:".-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1764
- - C:\Windows\system32\findstr.exe
    findstr /b /c:".-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
    3⤵
    PID:1564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c findstr /b /c:".-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1512
- - C:\Windows\system32\findstr.exe
    findstr /b /c:".-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
    3⤵
    PID:1208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c findstr /b /c:"--- " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1308
- - C:\Windows\system32\findstr.exe
    findstr /b /c:"--- " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
    3⤵
    PID:436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c findstr /b /c:".-- " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:560
- - C:\Windows\system32\findstr.exe
    findstr /b /c:".-- " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
    3⤵
    PID:672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c findstr /b /c:"--- " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1000
- - C:\Windows\system32\findstr.exe
    findstr /b /c:"--- " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
    3⤵
    PID:776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c findstr /b /c:".-. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1168
- - C:\Windows\system32\findstr.exe
    findstr /b /c:".-. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
    3⤵
    PID:332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c findstr /b /c:".-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:588
- - C:\Windows\system32\findstr.exe
    findstr /b /c:".-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
    3⤵
    PID:696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c findstr /b /c:"-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1272
- - C:\Windows\system32\findstr.exe
    findstr /b /c:"-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
    3⤵
    PID:524

Windows 7 deprecation

Loading Replay Monitor...

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads