Overview

overview

1

Static

static

1

使用帮助.chm

windows7-x64

1

使用帮助.chm

windows10-2004-x64

1

点击打开.bat

windows7-x64

1

点击打开.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/10/2023, 05:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    点击打开.bat

  • Size

    263B

  • MD5

    b071d93fd0b7e2b770deb97b199efe8a

  • SHA1

    1154885d4ef21caee5339336b098c4afd9c7da10

  • SHA256

    32ef94fd23ca1e28756ad1b3990775d99f1c59d645f9c867c5129480a5121939

  • SHA512

    65b2bc000a9b7b01116c6af4635ca6e5617e69c95c0b848e7f6d0e8e71c7e88effa01ef527c8e8eb76a9be1b49ba463ec477f2debc3bae297c038faead31f39b

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\点击打开.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4596
    • C:\Windows\system32\reg.exe
      reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v "1201" /d "0" /t REG_DWORD /f
      2⤵
        PID:4492

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads