Overview

overview

1

Static

static

1

recovery.bat

windows7-x64

1

recovery.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2023, 05:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    recovery.bat

  • Size

    1KB

  • MD5

    ce7e3f687cd0e0c822bce6cd3038eb0e

  • SHA1

    e05a0d6552f6e88cbdac4a0500cf9ef9f4baafa9

  • SHA256

    05c740253af5337a1e4803e3d4b6a48f8696ace1622ec6ba5d275a3d8d5808e8

  • SHA512

    90d4cdcd801251f5e38b6bd40fabf59372aef8da30278f5e8bd69e8db9d506e62d64e25de2cb1aa75994d981fc52b3733b272a937d927bf5cb80eb9f3a50415b

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\recovery.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\Windows\system32\certutil.exe
      certutil -encode "C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt" "C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt.enc"
      2⤵
        PID:2712
      • C:\Windows\system32\certutil.exe
        certutil -encode "C:\Users\Admin\AppData\Local\Temp\dd_SetupUtility.txt" "C:\Users\Admin\AppData\Local\Temp\dd_SetupUtility.txt.enc"
        2⤵
          PID:2580
        • C:\Windows\system32\certutil.exe
          certutil -encode "C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI4E92.txt" "C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI4E92.txt.enc"
          2⤵
            PID:3056
          • C:\Windows\system32\certutil.exe
            certutil -encode "C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI4EEE.txt" "C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI4EEE.txt.enc"
            2⤵
              PID:2088
            • C:\Windows\system32\certutil.exe
              certutil -encode "C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI4E92.txt" "C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI4E92.txt.enc"
              2⤵
                PID:2628
              • C:\Windows\system32\certutil.exe
                certutil -encode "C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI4EEE.txt" "C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI4EEE.txt.enc"
                2⤵
                  PID:2636
                • C:\Windows\system32\certutil.exe
                  certutil -encode "C:\Users\Admin\AppData\Local\Temp\dd_wcf_CA_smci_20230831_234357_987.txt" "C:\Users\Admin\AppData\Local\Temp\dd_wcf_CA_smci_20230831_234357_987.txt.enc"
                  2⤵
                    PID:2740
                  • C:\Windows\system32\certutil.exe
                    certutil -encode "C:\Users\Admin\AppData\Local\Temp\dd_wcf_CA_smci_20230831_234359_360.txt" "C:\Users\Admin\AppData\Local\Temp\dd_wcf_CA_smci_20230831_234359_360.txt.enc"
                    2⤵
                      PID:2752
                    • C:\Windows\system32\certutil.exe
                      certutil -encode "C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt" "C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt.enc"
                      2⤵
                        PID:2864
                      • C:\Windows\system32\certutil.exe
                        certutil -encode "C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20230831_234338659-MSI_netfx_Full_x64.msi.txt" "C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20230831_234338659-MSI_netfx_Full_x64.msi.txt.enc"
                        2⤵
                          PID:2640

                      Network

                      MITRE ATT&CK Matrix

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads