Overview

overview

10

Static

static

1

PMOy4QqKcU...PF.zip

windows7-x64

1

PMOy4QqKcU...PF.zip

windows10-2004-x64

1

1.bat

windows7-x64

1

1.bat

windows10-2004-x64

1

detonator.cmd

windows7-x64

4

detonator.cmd

windows10-2004-x64

7

dqjg.ps1

windows7-x64

1

dqjg.ps1

windows10-2004-x64

1

dqjg.vbs

windows7-x64

1

dqjg.vbs

windows10-2004-x64

3

th5rk551.uku.ps1

windows7-x64

1

th5rk551.uku.ps1

windows10-2004-x64

1

vuso.ps1

windows7-x64

1

vuso.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    31s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    04-07-2023 13:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1.bat

  • Size

    87B

  • MD5

    cdc83500ec30d3d435f4a5fca2fb9c99

  • SHA1

    418f2d8fe427cc1bcfffd66689325300737f7d07

  • SHA256

    12a6ad12fa23cc100d4a982746c5520f4de1cd7638de579e2040daf2ec2a2e2e

  • SHA512

    96b5560bbbfa9055f4e1208b46ee6b0c7486d6ecb4f311dd4724ed3b09c862002e10fc1dd6b892b4bfe47798713f055f053fed16bc45f834f94140550c3eb732

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\1.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:440
    • C:\Windows\system32\cmd.exe
      CMD /C powershell -NOP -WIND HIDDEN -eXEC BYPASS -NONI "C:\ProgramData\dqjg\vuso.ps1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2400
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell -NOP -WIND HIDDEN -eXEC BYPASS -NONI "C:\ProgramData\dqjg\vuso.ps1"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2388-58-0x000000001B220000-0x000000001B502000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2388-59-0x00000000021F0000-0x00000000021F8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2388-60-0x0000000002380000-0x0000000002400000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2388-62-0x0000000002380000-0x0000000002400000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2388-61-0x0000000002380000-0x0000000002400000-memory.dmp

    Filesize

    512KB

    Download