ae85b053cd02d47d9eed876885ccb55e12bfa1a2ddea74c4a13623bc3006d3bf | Triage

Submit
Reports

Overview

overview

9

Static

static

1

2.bat

windows10-2004-x64

9

Sharing

General

Target

2.bat
Size

782B
Sample

230824-qytxlach36
MD5

f97632eeb79a7c337306dfa33c2cc796
SHA1

a53183a5f48c1425a19b038a9ed209adeb90052c
SHA256

ae85b053cd02d47d9eed876885ccb55e12bfa1a2ddea74c4a13623bc3006d3bf
SHA512

5c028932c74020416b7987583b1b016f6d775739c0a3019e08a9afed62848cc7ab71cceec4a6d6953232eb57ffe3ff507f9f77f9f3ba4ec03f84aade40d895fc

Score

9^/10

discovery

Static task

static1

Behavioral task

behavioral1

Sample

2.bat

Resource

win10v2004-20230703-en

windows10-2004-x64

9 signatures

1800 seconds

Malware Config

Targets

- Target
  
  2.bat
- Size
  
  782B
- MD5
  
  f97632eeb79a7c337306dfa33c2cc796
- SHA1
  
  a53183a5f48c1425a19b038a9ed209adeb90052c
- SHA256
  
  ae85b053cd02d47d9eed876885ccb55e12bfa1a2ddea74c4a13623bc3006d3bf
- SHA512
  
  5c028932c74020416b7987583b1b016f6d775739c0a3019e08a9afed62848cc7ab71cceec4a6d6953232eb57ffe3ff507f9f77f9f3ba4ec03f84aade40d895fc
Score

9^/10

discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1313) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy