Overview

overview

3

Static

static

1

crash.bat

windows7-x64

3

crash.bat

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2023, 07:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    crash.bat

  • Size

    80B

  • MD5

    d49b747074c911f4ff74d23cc26c1e58

  • SHA1

    86309407aa28d5fe65cfe62325c8291a22eebeb2

  • SHA256

    fa0c29eb9b538082b8bd19435f3c14d24b961811275b4d547892d14e9b329e85

  • SHA512

    acc55216818283433cfbe97da2debad21b09c8b72baf9bcb6db975f6f8547c3083612ea1d4b044b9cbcad5c2628ad37ce5614808a55cd85b1ecb5be6950646f2

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\crash.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://jonnybanana.github.io/safari-ie-reaper.github.io
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2728
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2492
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:340994 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2396
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:472069 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
    Filesize

    471B

    MD5

    1687df440030f5e2619b2c7af536fa47

    SHA1

    da5b013bcb1bf01600b6c8b00afcc4b145e80b6e

    SHA256

    f8c3bd3bc50530b1156f180dbebc003cf6e01e2636d76a7dceb4085c8b442d9f

    SHA512

    2fe58b9964e7c519a6023ad74cbb5f0a9f1202d6650d088ef42cf9a135f202038a4e50042ebdbdb25cc63e8799b9323ea83eebb4ae94114b2d66dca2e1a0c05a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a3eeb12d780c9a0e2e8a7541cbdc4b7b

    SHA1

    d2979f9bf38f5e68a2716d519331f02e827d2feb

    SHA256

    020f6d8b504f0dd14cb0d5303504918068199452208f74c741948f9f8627744e

    SHA512

    497a0d1fb659b8bfaed8c283fbab19a9d505eb71d6edefc67cdeee22ddcde74e64a30fa118a935d5172a62c56890067f312d6dbee491a3d8777a3542497d7f09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ce90bbd3931569472d3f3e370688690b

    SHA1

    ba66defb52e72133afd58ef7d2107c23fe1b999c

    SHA256

    0fddccdf7c490f9db1e745da90a3cc670c44a159221d0a69399c5c8eeb1482f0

    SHA512

    dc3a66f76f7218ebe9b2ee88ddf542eb1265370b1dfb038230b4fa238fffc3942d62268ff09f0824fc25998989a1081109a11e70cde366eb3130157a39d07fab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1c9ce8be136dbecd70cbdff78699fb1c

    SHA1

    4cc41998962834f50f8176f67a8ad4caa584e791

    SHA256

    300f47965e68eeda14ca78bd077b093b58987b5ad5e2c96c1e19050cd9e13c40

    SHA512

    7b084fa0cea59f64704ec2a623c1d090db280b97de6df38ea786b16d83ec42cab75ad58e29437699a5db5fbe899dc1acc469ed51c4e27b5338a39597defe853c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2906fa7530b6824406ede4a6758b8e07

    SHA1

    31891a6a4dcf38c0aa3f6f9eba74f6a208aca953

    SHA256

    064712d6c08704b9daf16a30814ac2a45f1d78bdbb4a493eb779ed35a873d27b

    SHA512

    f35365df763042b2598f4369b877e22dcfb2cbf81d64d9470fbbfebf2bcd167282838ceb905e5d7abe8db383a23c615b45753a24a6731749fbcae7fa5409148d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ee1c5e38a63f543c71343bbc4261e7db

    SHA1

    1276e2622090e0825e385633b3e53136156992c8

    SHA256

    d4d7958021374b60836cb80781fe31761a4d21cd015b8f8b63d3ca0ec7e693f3

    SHA512

    3499fab7b38b63d8bb7581f4d0205d4e9beb8ce32142598c05c064dd23f0fa88419cb6a2c7f3da3a5324a1883d66d691ce0e17751072a23a23616e0e717cbd76

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    040a78b1e0f251fe564567814ed10ca8

    SHA1

    7590fc86ff62b270e65e7d82e85bc80d91db623c

    SHA256

    001cef4891fe9bf08e7cc09b21e37f481cc7642592391fd6909609971ba4346a

    SHA512

    426a22ef4b03982a1fb70ebb716261380a13faf27a291deed5699f26f24b6a8a471910d8790a3dde70559057b1518eeec55279ae394554be7b8183f9bca29dc2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    78fb3f4405a282d0f37279cfa4072393

    SHA1

    ca47c94975556c18795d40bae38bd644eb76706e

    SHA256

    ad8488f093fd522b03b471276d98c7bc5d3ef0726c99a037e5b88c61a5d5e0c3

    SHA512

    e1e11aa4138eaebfc87e5bc9705b4cde799ecb51acb8fc6c3b31f478168866c100f16c0b40190d3f7a0e4631a0e03c4525e648f77541c00f2e65a0fc39467ef8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0ee57b78143f4f0548458ba4eb872618

    SHA1

    d41aca66aeab5dfb7c78cd1f589a86ed37dbe268

    SHA256

    86d4e6e096a147022a58191b8dca008ed84d4bbd34769f2a0b94cc0c071770ed

    SHA512

    d61392aba196017f8250ff50010902e66bf85f3cec3fc855d9b056cbaef6496c9b6f8af0c49a1ffab9ae3ecdb47406ea2fb4757acbd026c3eb94a2e940a9835d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    96ba003ded677c08aa93e882de9c2593

    SHA1

    33a201eb910af5021fe1a3e806f00f22cb01cff8

    SHA256

    68644505ac16ee09670bf3a207160854b3ea6fe58e3c42ec189ee665d549c969

    SHA512

    f7cb0ca0c011cf1cbcf2eabff7fa0b8ae38f834a272f13161790638acd65d0d89445fda8cdc490606b5d7a8bde6bde3aaddae3b0281413bb133c74543d4f8fed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    18b2ae37c071eb7ad4bb3fef97ed45b6

    SHA1

    d5e1dd3f1c91f00798e3ce904c8b8aa1641f9069

    SHA256

    aed6fb3443dec70b5d19c7f21a580f88ebacbd0786fc678cd5194d3b421a5ce4

    SHA512

    53949b0e56a19c5539549beab4981d06f36d518c65368a1f62d540dd4ebc84ffb7592cc1c58d61578217a505363d50286e6bf9292b7ca8833aa45eac7ac631d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ffe8421a0d69dd3acc3423a4ea185f29

    SHA1

    3a30945876f778b3196e3f0cc27e3eaf2cbf75c3

    SHA256

    7bf358806c182a8c5b63bfc5dfe2d11302240bb2004fe4ab7aac5fb7650d723f

    SHA512

    607376608ff1b65e59b6f70540c1f4baf89c4dd6ae6e7ecb0dafcdc7569c77667bfd6753e56c7ca58c2026d629287c0b59a87d88efa818ae66d66a213bf776b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
    Filesize

    400B

    MD5

    31b78e3f9817c9b91701405c6ff80b43

    SHA1

    e8f98e3650f4b5344070724ab601f778800c4754

    SHA256

    1081f0bd3fa7e9225e4bf8d960a82c84ff8848494e4f591e418a418d572545d7

    SHA512

    0d7907a98cdcd3e205ab27fb49e16b74707169062a0acc333d7a6a003025c14a9833869861e7ce924a68d3f63b814a8c3633167acbf192934f696244b60fc11c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1YQ38W2\safari-ie-reaper.github[1].htm
    Filesize

    37KB

    MD5

    bebd8a2e24716ac8df033c52d03de6ea

    SHA1

    01208ed2495a3d6501a5cadb805f96806c03adeb

    SHA256

    3396095b5688a8186b441c8f54ac4362d2493533e20972332f2d67b634a42828

    SHA512

    9337b86d5faae6684eab5e74a249a2b7fc745d85040cec65f5fb988590e44980ac8111b6a5ec93c89a61df8f72c9f9a38b41f45a4bba0989c91d0815799138c7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8E7WD55\safari-ie-reaper.github[1].htm
    Filesize

    162B

    MD5

    4f8e702cc244ec5d4de32740c0ecbd97

    SHA1

    3adb1f02d5b6054de0046e367c1d687b6cdf7aff

    SHA256

    9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

    SHA512

    21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8343.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9CC0.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DFFF53390B19484B14.TMP
    Filesize

    16KB

    MD5

    77bd696bd1df946dd3346970af3c0002

    SHA1

    b6c37920bb8e05db0ba02b321c7dd8b6c1bbe445

    SHA256

    122c515e6ec44f378cb843a3ec7f18a0790f352abada1d59fb3fc6a13a1c72b3

    SHA512

    55b022a3972418e0c9b7fdded0311938999ca982ae656c4f7df67600a62a45ff4168ae36ee43766420b6d1c0e17148be667eb90fb678bb1c934777fbcf5ef8bb

    Download Submit