General

  • Target

    aaaccc_JC.bat

  • Size

    16.0MB

  • Sample

    230901-txl25sgc83

  • MD5

    cf6b0959b49f88a949a9ff983ac8aba1

  • SHA1

    c86de7221cf3733dec8906718b9f986fadc0c546

  • SHA256

    e8fcddca33d734dc65ce4737193e9f2e9598d7d4d42b85dea91b21435d165860

  • SHA512

    e7a092304c264a5400171b66d91f9aa0b24d01f7555d6a5c92f537222937883bbe01fb4438792249c4bc3a70d9cba2b4ca2176884528b707d9d08747085418d1

  • SSDEEP

    49152:JwEOTlzglY3SQejz3XIi3i1v7IhK/AFx1q9KPN81boBfuGznNXyFXGWSUxxyy8pp:1

Score
10/10

Targets

    • Target

      aaaccc_JC.bat

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
