Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/09/2023, 03:05

General

  • Target

    bat.bat

  • Size

    77KB

  • MD5

    466a311205b514581aa61ce02ead19a4

  • SHA1

    aeb2acb70b4a82bd6de876aba272158706ae021c

  • SHA256

    50f9ea4f06de30d775c8315587f0bce404a6946a67b2d8a5a2cdc61279880dff

  • SHA512

    83e59aab5ffd7b8e9cefe00ff6a2e0e235d502316088efc063477fa06f765ef376c11ac311193fa88472d91e3fa378a97476f8656c7ad7fdcb08a35c0001bb1f

  • SSDEEP

    384:/qmB+m9dm9hm9rm99m93ml5mlomlumlSmlcmlsmlkmllmlZmjDmlfmn7mlJmlTm6:HjcIm8KcBn7Vl9oemQes2kfbx

Score
1/10

Malware Config

Signatures

  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Kills process with taskkill 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\bat.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5064
    • C:\Windows\system32\certutil.exe
      certutil -encode "C:\Users\Admin\AppData\Local\Temp\BroadcastMsg_1694758968.txt" "C:\Users\Admin\AppData\Local\Temp\BroadcastMsg_1694758968.txt.enc"
      2⤵
      PID:2628
    • C:\Windows\system32\certutil.exe
      certutil -encode "C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt" "C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt.enc"
      2⤵
      PID:1908
    • C:\Windows\system32\certutil.exe
      certutil -encode "C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI4310.txt" "C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI4310.txt.enc"
      2⤵
      PID:4612
    • C:\Windows\system32\certutil.exe
      certutil -encode "C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI433A.txt" "C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI433A.txt.enc"
      2⤵
      PID:4364
    • C:\Windows\system32\certutil.exe
      certutil -encode "C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI4310.txt" "C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI4310.txt.enc"
      2⤵
      PID:4832
    • C:\Windows\system32\certutil.exe
      certutil -encode "C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI433A.txt" "C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI433A.txt.enc"
      2⤵
      PID:456
    • C:\Windows\system32\attrib.exe
      attrib +h C:\Users\Admin\AppData\Local\Temp\bat.bat
      2⤵
      • Views/modifies file attributes
      PID:4092
    • C:\Windows\system32\format.com
      format C: /Q /y
      2⤵
      PID:2972
    • C:\Windows\system32\mode.com
      mode con cols=107 lines=41
      2⤵
      PID:1088
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im explorer.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:3656
    • C:\Windows\system32\ipconfig.exe
      ipconfig
      2⤵
      • Gathers network information
      PID:1848
    • C:\Windows\system32\findstr.exe
      findstr IPv4
      2⤵
      PID:1836

Network

MITRE ATT&CK Enterprise v15
