268c6becff37f87d1dc106c33643cbecae4ae853fd67abd4ec43c569bc82fda7

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
05-08-2023 01:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Spectrum.bat
Size

1.4MB
MD5

1af995cb5fac4820b7920baaea61d13a
SHA1

b942023ea99a52a3652837c5a263eee7465bf2b6
SHA256

90e86864b37fd38e8035d1d44d1320db1ababef9220066408cd5214b9754ce65
SHA512

e63cf39341205f3de8efcc5b1681a077ee02811b0d4a49d98bbc5cff4562b8c27cea178d807d28914eeacecf2c071c60c212483c88afe138ce48b131b7878067
SSDEEP

6144:bkPKthCtA9ikfH0DyHYCvE57McOCZYXDe2XjFKEhwfKd+z6k:bTbfL4rycOCGzjB+mk

Score

1^/10

Malware Config

Signatures

Runs net.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2016	1712	cmd.exe	29
PID 1712 wrote to memory of 2016	1712	cmd.exe	29
PID 1712 wrote to memory of 2016	1712	cmd.exe	29
PID 1712 wrote to memory of 2672	1712	cmd.exe	30
PID 1712 wrote to memory of 2672	1712	cmd.exe	30
PID 1712 wrote to memory of 2672	1712	cmd.exe	30
PID 1712 wrote to memory of 2680	1712	cmd.exe	31
PID 1712 wrote to memory of 2680	1712	cmd.exe	31
PID 1712 wrote to memory of 2680	1712	cmd.exe	31
PID 2680 wrote to memory of 2196	2680	net.exe	32
PID 2680 wrote to memory of 2196	2680	net.exe	32
PID 2680 wrote to memory of 2196	2680	net.exe	32
PID 1712 wrote to memory of 1756	1712	cmd.exe	33
PID 1712 wrote to memory of 1756	1712	cmd.exe	33
PID 1712 wrote to memory of 1756	1712	cmd.exe	33
PID 1712 wrote to memory of 2140	1712	cmd.exe	34
PID 1712 wrote to memory of 2140	1712	cmd.exe	34
PID 1712 wrote to memory of 2140	1712	cmd.exe	34
PID 1712 wrote to memory of 1652	1712	cmd.exe	35
PID 1712 wrote to memory of 1652	1712	cmd.exe	35
PID 1712 wrote to memory of 1652	1712	cmd.exe	35
PID 1712 wrote to memory of 2224	1712	cmd.exe	36
PID 1712 wrote to memory of 2224	1712	cmd.exe	36
PID 1712 wrote to memory of 2224	1712	cmd.exe	36
PID 1712 wrote to memory of 2008	1712	cmd.exe	37
PID 1712 wrote to memory of 2008	1712	cmd.exe	37
PID 1712 wrote to memory of 2008	1712	cmd.exe	37
PID 1712 wrote to memory of 2072	1712	cmd.exe	38
PID 1712 wrote to memory of 2072	1712	cmd.exe	38
PID 1712 wrote to memory of 2072	1712	cmd.exe	38
PID 1712 wrote to memory of 2104	1712	cmd.exe	39
PID 1712 wrote to memory of 2104	1712	cmd.exe	39
PID 1712 wrote to memory of 2104	1712	cmd.exe	39
PID 1712 wrote to memory of 2096	1712	cmd.exe	40
PID 1712 wrote to memory of 2096	1712	cmd.exe	40
PID 1712 wrote to memory of 2096	1712	cmd.exe	40
PID 1712 wrote to memory of 2108	1712	cmd.exe	41
PID 1712 wrote to memory of 2108	1712	cmd.exe	41
PID 1712 wrote to memory of 2108	1712	cmd.exe	41
PID 1712 wrote to memory of 2064	1712	cmd.exe	42
PID 1712 wrote to memory of 2064	1712	cmd.exe	42
PID 1712 wrote to memory of 2064	1712	cmd.exe	42
PID 1712 wrote to memory of 2120	1712	cmd.exe	43
PID 1712 wrote to memory of 2120	1712	cmd.exe	43
PID 1712 wrote to memory of 2120	1712	cmd.exe	43
PID 1712 wrote to memory of 2464	1712	cmd.exe	44
PID 1712 wrote to memory of 2464	1712	cmd.exe	44
PID 1712 wrote to memory of 2464	1712	cmd.exe	44
PID 1712 wrote to memory of 2236	1712	cmd.exe	45
PID 1712 wrote to memory of 2236	1712	cmd.exe	45
PID 1712 wrote to memory of 2236	1712	cmd.exe	45
PID 1712 wrote to memory of 2384	1712	cmd.exe	46
PID 1712 wrote to memory of 2384	1712	cmd.exe	46
PID 1712 wrote to memory of 2384	1712	cmd.exe	46
PID 1712 wrote to memory of 3016	1712	cmd.exe	47
PID 1712 wrote to memory of 3016	1712	cmd.exe	47
PID 1712 wrote to memory of 3016	1712	cmd.exe	47
PID 1712 wrote to memory of 2900	1712	cmd.exe	48
PID 1712 wrote to memory of 2900	1712	cmd.exe	48
PID 1712 wrote to memory of 2900	1712	cmd.exe	48
PID 1712 wrote to memory of 2812	1712	cmd.exe	49
PID 1712 wrote to memory of 2812	1712	cmd.exe	49
PID 1712 wrote to memory of 2812	1712	cmd.exe	49
PID 1712 wrote to memory of 2436	1712	cmd.exe	50

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Spectrum.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" echo cmd /c "C:\Users\Admin\AppData\Local\Temp\Spectrum.bat" "
  2⤵
  PID:2016
- C:\Windows\system32\find.exe
  find /i "C:\Users\Admin\AppData\Local\Temp\Spectrum.bat"
  2⤵
  PID:2672
- C:\Windows\system32\net.exe
  net session
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 session
    3⤵
    PID:2196
- C:\Windows\system32\findstr.exe
  findstr /i "echo" "C:\Users\Admin\AppData\Local\Temp\Spectrum.bat"
  2⤵
  PID:1756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:1652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:3016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b
  2⤵
  PID:2920
- C:\Windows\system32\chcp.com
  chcp 65001
  2⤵
  PID:2880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" echo cmd /c "C:\Users\Admin\AppData\Local\Temp\Spectrum.bat" "
  2⤵
  PID:2156
- C:\Windows\system32\find.exe
  find /i "C:\Users\Admin\AppData\Local\Temp\Spectrum.bat"
  2⤵
  PID:2828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\kdotZFzEB.bat

Filesize
170B

MD5
fb3964cc66cca8c7b0e52fcb19831089

SHA1
46a92c69859ec7ded655d14bf6ea7ddb7dbc644a

SHA256
885c8431091bc43a9ca302edd786f0efb82e520ccdeba7baff048f4880f096e5

SHA512
6259bae53bd7f66ee13b12f8696137d2bbfae64a28f8b0348ea12163d452bbf75e9258539cd4d48540964ad2522c1c64093927ccc18de7b207fb0a29e689a041

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads