Overview

overview

10

Static

static

3

AlmiqueArt...b2.dll

windows7-x64

3

AlmiqueArt...b2.dll

windows10-2004-x64

3

launcher.bat

windows7-x64

1

launcher.bat

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2023 14:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    launcher.bat

  • Size

    86B

  • MD5

    ff6177f24a11eaaa28c0a98fab30a4f5

  • SHA1

    ba676bbe65a5bbce6ae0d853dd1436fce3d50a6f

  • SHA256

    ab163a91b6577a3f14dfb859a20c06314673c87e5d6e1c11f4793eb741d05071

  • SHA512

    d54b744cd38278ce3172e36db6dd15ed5e01588cb612bc43898ee53d1b24ee79706f30052b289c34c17d34508b1f0486164003bb78ea25ef8670dceb8b8da636

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 2 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\launcher.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\AlmiqueArtilleryman_pkb2.dll, Throw
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2840
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\AlmiqueArtilleryman_pkb2.dll, Throw
        3⤵
          PID:2832
    • C:\Windows\system32\verclsid.exe
      "C:\Windows\system32\verclsid.exe" /S /C {0B2C9183-C9FA-4C53-AE21-C900B0C39965} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x401
      1⤵
        PID:2736
      • C:\Windows\System32\NOTEPAD.EXE
        "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\launcher.bat
        1⤵
        • Opens file in notepad (likely ransom note)
        PID:2904
      • C:\Windows\System32\NOTEPAD.EXE
        "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\launcher.bat
        1⤵
        • Opens file in notepad (likely ransom note)
        PID:3032

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2832-0-0x0000000000140000-0x0000000000143000-memory.dmp

        Filesize

        12KB

        Download

      • memory/2832-1-0x0000000010000000-0x00000000100C7000-memory.dmp

        Filesize

        796KB

        Download

      • memory/2832-6-0x000000006FC80000-0x000000006FDD5000-memory.dmp

        Filesize

        1.3MB

        Download