Overview

overview

3

Static

static

1

New Text Document.bat

windows7-x64

3

New Text Document.bat

windows10-2004-x64

3

Analysis

  • max time kernel
    1561s
  • max time network
    1566s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    18-08-2023 00:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    New Text Document.bat

  • Size

    694B

  • MD5

    f9be8d2bb00fe09c0afad536a206455f

  • SHA1

    f5319cb730ae5c4d14d79f03b4326c68ff2f6afc

  • SHA256

    ca733f06543297737201b28a43092e90ea206b7d323c4be53c4c4e68aec4055b

  • SHA512

    02f9c23e92a32210060c8c97d4180c8879aa2c6def5f9d01d26166cc236451971ec593d10f291b15f0622e8bdeb2f2ca211c5acdb5c68da098e8c7fc1a91cad8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 63 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 24 IoCs
  • Suspicious use of WriteProcessMemory 34 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\New Text Document.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://tria.ge/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2916
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2736
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:209927 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2380
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:209929 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1440
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:406541 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1536
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:734224 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2780
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:799774 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2896
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://tria.ge/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2692
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2064

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{49B8A081-3D5F-11EE-A65E-E66BF7DF47AF}.dat
    Filesize

    5KB

    MD5

    a8a66353d6aa995bf7f8c41a125f3635

    SHA1

    a92e0eb13cacdfbfd76480e94024fb7192ae1776

    SHA256

    f8b89e47defe67a8ad03c6754e5c7b16d3ec7b760516b38c2ef57bf577c63586

    SHA512

    dd0e0a4b4458bfce8235c2ecc1fbdb45442682215d47e83dfcd81fdbda7a6d105185071c227a92aedf67e6f06c80ab844c0af6a1c6c63e44e7fef9b32c1c1e31

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{C59D859E-20AD-11EE-8666-D66763F08456}.dat
    Filesize

    6KB

    MD5

    998ad73f13a333812e9ca2fefb434a93

    SHA1

    16278f5b08e25653e96b36b1f073d81df2faec93

    SHA256

    296ea0f2aa54a274ec54661eb27ef02dbaa6ab8202f4924f22af305774ff8c10

    SHA512

    b757ed072769663f754df3ec447218de04b9467b9e4fa991d5432680e9d7bea799e5a7c008019b21c49f3e583233a207311fc09f5aae419a30399deb96367e4e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{4FB59600-3D5F-11EE-A65E-E66BF7DF47AF}.dat
    Filesize

    4KB

    MD5

    7340587f65293b35b82362d655e0ea80

    SHA1

    1ce836e4fe0352aac56cb2e86fce3c6212ab0e41

    SHA256

    822843711a19f1794a6a3abdbdad450a989c89c08f6f99a928dfd52046df2021

    SHA512

    4a23fcc134ae92358f5e591cddd5180cc379f59c313e4215d506895dfbebd47b590acc07b9d7533d89a36f0d406013bc4636c5923afb8e751f1f85e91096af15

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{4FB59601-3D5F-11EE-A65E-E66BF7DF47AF}.dat
    Filesize

    4KB

    MD5

    daff6d65346989609ebe333fb48e0444

    SHA1

    b9a5173a7deadc2da2caf28a8479251bd5062aac

    SHA256

    3b8f796f6aad7dea0436bde53de728f232ba7bb334edb433463db15c53dbeb7d

    SHA512

    1a55957681d147dfc31e9bbcbc3c235b3fc5cab69261955fb264b46cb07c637a5969e1e6f6091e5a46e0d32ccd2965fbbc63823cce351b9a1e522bc00b1c0cfa

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{4FB59602-3D5F-11EE-A65E-E66BF7DF47AF}.dat
    Filesize

    4KB

    MD5

    de69e13ab0515156605ce2d2b7eec982

    SHA1

    593f6e10520898181b633da27a8ba9ad12374434

    SHA256

    01439122907fb9694fd5fcb0088cb31112469dbeda1ed17841ecd88b9a224ee0

    SHA512

    f810872dc03736c08c46f152448d41550001cf51965509a59931e9a2e6e1fcdca0c76f2c495d58165fc69bacca5f06c25a58f0bed18739270c8c6a0d88c0bd8b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{4FB59603-3D5F-11EE-A65E-E66BF7DF47AF}.dat
    Filesize

    4KB

    MD5

    55d261e6bdbd7a6e60bd212a312654f6

    SHA1

    35ec806224a96c6b2e90fc775a9ad7f71f72392c

    SHA256

    80b99c91644543ba414b29a2fb02000496c865d05e0d586c49e9cf7f2aece548

    SHA512

    59b7c52c6479a3667925ea046289a54945e4aef9aa7dc323ada9d9487f68cfe8eb77ac97dae7553bbbb36d9d402ecb992fdc2a55cbab3bfff3bdc8db102a7d8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{4FB59604-3D5F-11EE-A65E-E66BF7DF47AF}.dat
    Filesize

    4KB

    MD5

    916ec236307e913da939664da13b103c

    SHA1

    4affc7513cd8366f2bc5f01a567ef0eb90962e12

    SHA256

    9ba2a298353c9cdd62b00c4e109457be4ade410876328387f1795628bbb38895

    SHA512

    111727bbba9f4cd9420b61cdab284802645f9d42038ad76b70ad2f2cf54a0d40d5b5f86410f32977a44d3a587f8d6f338b75de7184f7c2ace7a679fc867c15bf

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{4FB59605-3D5F-11EE-A65E-E66BF7DF47AF}.dat
    Filesize

    4KB

    MD5

    16dafea69321f0977571073ef5cd73b8

    SHA1

    f41e8f7cc232c2e8483e55c009e188d581fd5efb

    SHA256

    665b1dbb7de5c40e6e8786089d24748513bdac00aeeb4c778986f8dc44a799c2

    SHA512

    5d633a84b7d52d512e60cb7e8839df4df5f07a104b81e4e8b10a2090dcce405aaed6f2f41e096514719f7894854e9ce9b2c483b83f2bc15f017662955c364507

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{4FB59606-3D5F-11EE-A65E-E66BF7DF47AF}.dat
    Filesize

    4KB

    MD5

    427ca49ff59b6f4053664af5a7be7434

    SHA1

    9aeb2225c6d864681408f28d43e61fead03f868a

    SHA256

    07c91b289e4917516abba17512d6b1b297001d4db0bb9493990ae19563afd83a

    SHA512

    7bf0edd77304d41606bc2a16c97f9ecaf343a06483ed55f80ab72d527ba51f69e2a666383236b2dca891710d2722713866a68f7d6b42be5c7233c7c24051267d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{4FB59607-3D5F-11EE-A65E-E66BF7DF47AF}.dat
    Filesize

    4KB

    MD5

    525da44275cce84a301052765706fb25

    SHA1

    4edf332ebfe0c5c1703b69386302e61907402be7

    SHA256

    ad0d08e84916c0be323a3cb28e79f20797ca225ba0de0acfc737b6e77a54e816

    SHA512

    0a60800c5c54c1d6c9d0558bb5b5f459df9a0ac12ceebf82851986666d8746bcab97fce1a55e601edcc26ae50183d60a1ef5f5ed71493083b261b55a87dd110b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{4FB59607-3D5F-11EE-A65E-E66BF7DF47AF}.dat
    Filesize

    4KB

    MD5

    525da44275cce84a301052765706fb25

    SHA1

    4edf332ebfe0c5c1703b69386302e61907402be7

    SHA256

    ad0d08e84916c0be323a3cb28e79f20797ca225ba0de0acfc737b6e77a54e816

    SHA512

    0a60800c5c54c1d6c9d0558bb5b5f459df9a0ac12ceebf82851986666d8746bcab97fce1a55e601edcc26ae50183d60a1ef5f5ed71493083b261b55a87dd110b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1H774PEZ\errorPageStrings[1]
    Filesize

    2KB

    MD5

    e3e4a98353f119b80b323302f26b78fa

    SHA1

    20ee35a370cdd3a8a7d04b506410300fd0a6a864

    SHA256

    9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

    SHA512

    d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HUPY26S\dnserror[1]
    Filesize

    1KB

    MD5

    73c70b34b5f8f158d38a94b9d7766515

    SHA1

    e9eaa065bd6585a1b176e13615fd7e6ef96230a9

    SHA256

    3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

    SHA512

    927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9EM1SEHQ\NewErrorPageTemplate[1]
    Filesize

    1KB

    MD5

    cdf81e591d9cbfb47a7f97a2bcdb70b9

    SHA1

    8f12010dfaacdecad77b70a3e781c707cf328496

    SHA256

    204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

    SHA512

    977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WEWWZC8O\httpErrorPagesScripts[2]
    Filesize

    8KB

    MD5

    3f57b781cb3ef114dd0b665151571b7b

    SHA1

    ce6a63f996df3a1cccb81720e21204b825e0238c

    SHA256

    46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

    SHA512

    8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DF7365A4A3083C5294.TMP
    Filesize

    20KB

    MD5

    9be947021d2ba133cbf296b8e46de103

    SHA1

    45957a6b82ed5a260cbcfb7d3f4562a3d9f99b75

    SHA256

    c06ab38dfef6e965b89e51e2f2d87a242da3fbfae79a0fdb86b607ee566dbcb4

    SHA512

    3e7debc7a75cba96fcc141227c51ba30557436c1e5768d120d958e0950971947ad9eb8df4e644eebe3080d7e9258eea88fdc5d16c73781e77263b9394b3095a9

    Download Submit