d8e180f42fd6c318ab0269c5e7e0c375dfa723781b531c478a18d3a74cf9d8d5

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2023, 05:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

feimaRepair.bat
Size

40B
MD5

f66ab2d847ff367e0b5e3f3096d61b90
SHA1

187e083df8dcd82924de8383eeb8031f76ac0d4e
SHA256

eb7dd1201ede376f29e5f95f0337cf62fa0f36539fc109deb58f7b8355db3064
SHA512

ab664b839f4a6c2a88ae8838ecd1c2aff49413c8f1d26852b87e39dae1ebd0afa98aace02d70916c0a29a18e9f836303f1836bff0796479ad59e114e8161c4cd

Score

8^/10

evasion

Malware Config

Signatures

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Windows Service

T1543.003

pid	Process
800	netsh.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 4980 wrote to memory of 3352	4980	cmd.exe	85
PID 4980 wrote to memory of 3352	4980	cmd.exe	85
PID 4980 wrote to memory of 3352	4980	cmd.exe	85
PID 3352 wrote to memory of 800	3352	feimajsq.exe	87
PID 3352 wrote to memory of 800	3352	feimajsq.exe	87
PID 3352 wrote to memory of 800	3352	feimajsq.exe	87
PID 3352 wrote to memory of 920	3352	feimajsq.exe	89
PID 3352 wrote to memory of 920	3352	feimajsq.exe	89
PID 3352 wrote to memory of 920	3352	feimajsq.exe	89
PID 3352 wrote to memory of 3736	3352	feimajsq.exe	91
PID 3352 wrote to memory of 3736	3352	feimajsq.exe	91
PID 3352 wrote to memory of 3736	3352	feimajsq.exe	91

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\feimaRepair.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Users\Admin\AppData\Local\Temp\feimajsq.exe
  "feimajsq.exe " /resetNet
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3352
- - C:\Windows\SysWOW64\netsh.exe
    netsh advfirewall firewall delete rule name="789vpn_block_all"
    3⤵
    - Modifies Windows Firewall
    PID:800
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Dui\reset.bat" "
    3⤵
    PID:920
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Dui\Lang\en.bat" "
    3⤵
    PID:3736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Dui\OnLine.xml

Filesize
2KB

MD5
6846b2a99aef16f8d8060856dd240e3f

SHA1
f6721e0930854bf1a207b8e0157f2aeae937fc28

SHA256
6ef4ec409fb7b1cf348d53627afcf8232c7a821e1a4f41ef3f31428301623818

SHA512
b4055fe4fbc70f7ae94e0366f98cc985de0092d010011dbf6eb9c5e9be9535bd32ae3a059abb205ce79975697c5f4695a23f7044bd0d94e61c8918aaced9d201

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\QRCode.xml

Filesize
4KB

MD5
f2e790904c997d079a3480f1917d842a

SHA1
47813d73de2b9cf24ae2083273466352586ef6ae

SHA256
4d94a2a1d4f474ce9c165f156707f5294d45c4a57b11ed193e0ea6585f9e992f

SHA512
6431d66eeea512fe37b483a3ecddce73a3120b0a173fa022a7a1cdbc796d141c1d2a36f7cff6ec57b34e6fa874ff4509b901a3e8af4f84ac28cc0ed3947f00d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\bbuy.xml

Filesize
5KB

MD5
4c761bf3d4c9cd657fb70fa2de2d63ce

SHA1
d2819237c941014bca0b578352ff14c5561ff903

SHA256
ca2ef381663d5fa4737a40088804d1026d34e430af4c3bfa4840ac8ea8c6add3

SHA512
35c84115ebaf08eb5e095e178dcb735caa9f4cac95a7e4a6f459fd2289cc20ecc73c24400ee25ac8ecd4f3f1599d6375b4db54baf2d7da57176e4bb65864232c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\bbuy_en.xml

Filesize
5KB

MD5
f1249642e046621cb969d0582388364c

SHA1
b798d21b77d724fd5da3fd7d6d10c649cdee7293

SHA256
0f6757ffc4ac66a2b456e1ef525788060f650e0319f71a87cdc79a9cb1cdae88

SHA512
88c6d2c2c4b8e2ed02233ad18bc3b6b346313d720690d40171da7677eccf518e7b63e7837b76649e03eff6ef56a059beb58fdf30cc6c3b9b558b0881785f67b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\binding.xml

Filesize
4KB

MD5
828ab504560b211fcccba1511580dc0f

SHA1
185dce6e701f7a131359221a176b612e24056e07

SHA256
5391b23779e4bfc0a0db324a1053247c7a2654e68cd2dbdc7a46e14c2328d0fb

SHA512
a36090947228eb561593721444c51e58effd5a7df01ee8a4b5b4272134e64f2656490643d88e61c16c5dd9c489e3d28dbf9c90d5cda35b9a7e5d3e60d28de974

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\buyinfo.xml

Filesize
3KB

MD5
156767521e40c712c116b9dccd8ad66f

SHA1
63555ffff11c492c4d860929b4139387c5a09eac

SHA256
bdc155536ef71bebd1b36325909d7e5a2a83a082200c8e290a99883b23bf7082

SHA512
4789fc3f1d4b74d372fc013ae716e6c326d1e4f678e33a09abf24218c38446591ff81b374bc8c13775eb40f0354dfb0dae9774f25b71fcb4936c130f9466addd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\buyinfo2.xml

Filesize
1KB

MD5
2daa9cb88a33cf79c350af608a02046d

SHA1
e918a335f63d37fb9fd3dae477220f3a501446b4

SHA256
135f01899fd915872f864fb041992a4d9138e08c6a5088c5ca7c51e2e4c3b996

SHA512
f9d082bff9309cd343a34111b7560c0a9d81027f9cc0c0ebd1b11f9e25e0f14157b4484c530c19b35cf1f8d8cec08aba04e345a062eeab5fb6925034791bed37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\connect_setting.xml

Filesize
10KB

MD5
638249df1002faf2ebcb9ffa6216240b

SHA1
2a1f894e4215573cf7bb769acc5528c92607295c

SHA256
aebf15e6b68ed5ec8610e3646f0a6d31d2f0cd8f564ec285d268b51a47a13a33

SHA512
da6857b02dca8e7c1f423aec2621add2b7991b123e1795f3f48fe80d4fe8f74a7709c075998627a084d0997f41bac3ab61078f5b826ddf9c4d5f9dbea706a1eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\findus.xml

Filesize
1KB

MD5
d28e95de6f4a74d843154699b62c62b9

SHA1
16363fa2d35a9afbc5e26e22df325773eb1f7724

SHA256
acbf5a06a518d8bdc85dbadf09497e94cd7bda7be7f5e1d48729b0893cfea096

SHA512
f54ac66cff05b73c058b094417836e331a99d6e2630b11da4a207632997465517c1dc0cfa8f5d6728368bd20961683d18e8660e096efdc2f896f4e4474b3ccf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\goforit.xml

Filesize
1KB

MD5
261f79da842afe8bec243c019b74b4a5

SHA1
22be08f538874db369f111e08ce99c93c0ea6e20

SHA256
dc7c574e5e0b0d1d77c30669b5cc6dccdd3628fc6d29384c0cf7fce17bf31613

SHA512
74d5b156b2fc46cbffc3be05902702894d8b3b98c3cf7d0144e883748ef0fc9725d10e65d68a409f1d1906500b011e1b317bc3ae012923883932cd3cdad9d07f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\login.xml

Filesize
4KB

MD5
3ef24a4250c0cbe2138942084edf92c9

SHA1
63384f458570a12eb158c0e564ae14c0e14236fe

SHA256
df351598bb61c2697549093dd7b5ded2f1bafc126ade7d2996a4450e1b242021

SHA512
7eb26fd0563c99d5082ae15eeba51a838bceb68f1abf740dea12f4e45e5dd08f9cc06717f71bfeb09deacda335b83b29a659b50f44f1f74f5ebf23ffefcb5168

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\main.xml

Filesize
12KB

MD5
b3357045446b523ae92db299d4496284

SHA1
211b645a1ee4610b40034c0b9a14eef2018e818e

SHA256
7f6cbc310741b713847c04f47f6e9e9d88e6518849a8e58b854857de22cf69a9

SHA512
fea5f09afa7edc1c776f84c61ce4bc13912c208c94b9c387fd06f6b6c33871facba0fcec8f2ae703c5c66f1280f3f3e5881beee52159c4584ed69741616dbd20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\maino.xml

Filesize
12KB

MD5
c282df7c69fa2d9f24adbcf5a47a6c04

SHA1
8e97ff001c804166f1777e759012325cee164e76

SHA256
2e2a5bacd3c7ddbc3172589f6829bcc64f07fc255884a305713ffc97f97eb56a

SHA512
fdd951ded0d4663da22ccb7cb14df126304221214b75e7312d70e523db2c36694c964f314bd68687dfe44ec56ab501f50e388fccee907b911b38cb79186ca465

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\node.xml

Filesize
822B

MD5
ae5cd573eb213e40cafc9db8d9deee5d

SHA1
0680810dde690819a60e6f1ad54c91e5052b68a9

SHA256
b348e582e6083bed794b4f46816796397a56282c8a13b3b29ce882315c49e336

SHA512
58a746b15dc8842a99a80faf8b66c717c12d9d1b20cd5697569c87d7532e5f2ef9477a002d0630bba1172324e04ee1b4eec65c8a2c76bbd5f1a2967741084876

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\nodeselect.xml

Filesize
7KB

MD5
ce0e9ec71ba68c166e4f37a753c9d266

SHA1
c1d0efb99362a50f2efb1e9120e2666a7ccdbd6d

SHA256
a22e3d374686789f1aa6dd29ac0436af08854bf95472aff9c31ab9ef37c956ab

SHA512
be651bf1cca4aee1c1915292704fc75062646e951e9193b277ab169a26ff1ddcb824f56cd09789b790e1872c25237a7a8cd56335e6eee53139f2dd553795e631

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\notic.xml

Filesize
1KB

MD5
3b2967b495664daa1f66f0c94d513420

SHA1
70f683fc186ebd2ed5daa9e9c8f4ef5fdbc92b44

SHA256
07cb66342e1f0247985d7798dddf93955493ffcb2e47e7228fbe9971cd617dac

SHA512
f24ec839a34f48b3e4ff45b880802792b0e4116a72d547b100f606f2f8400e854e1ed5d0dc42625cca88cbc94a6ba0a6dbcf5e3db3f03fb4e1ab15d285e178ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\phone.xml

Filesize
1KB

MD5
2972cd0247f83b37f6912ce84765de6d

SHA1
71f0f7253941124bdd071d4f7bf07b6c729ed3b1

SHA256
c012093dcf5f606c958a74a6656f8c2a50611c4ee40ea7ff1fc5f86f9f7da612

SHA512
27ef4713daeb822dc964a3542934fed66f403d423d5d05494b50ee2cb0a7d6597e73beb41a58e5dfc83aaeeb36232984bbee23fbc6e6f70366e138b07e1c5df5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\repair.xml

Filesize
1KB

MD5
cc0b9b2a660a3527d6897357175f01bc

SHA1
3cc0fa824d92cd0a41e5ae2531ff12150035017e

SHA256
f359ae4a804ebe6062938c4224abd67567128ae8c5fe991942c05ac04645bf14

SHA512
8b4f2c8fb701781ac2136c9478620f2d377f381c02fe5186f4fb4b42233bed0c29a5db62ff99639d93ea0cd686aa480b30a3b03c7de7c1b74f2821249915ed43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\update.xml

Filesize
1KB

MD5
833113353f2cebf834f76f2ff6c1cc5d

SHA1
0e1fd58dd6bc15cdd1d47c96fd4a8e5622ed7916

SHA256
2d113f88c6a9f3d9544f0f2d601f08ca6be4a3910a8dbe945372d4ed2caaab80

SHA512
5d75c73baba1b537bda1021f9ba4b8479154c9d87de4e328370fe84eb9ce0a13c87e8ccfd8c725578b7afee717a3d89b40ab4d48005acc66532684c270317e1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\update\Immediatelyupdated-normal.png

Filesize
1KB

MD5
cd23ae08f85978c095b908e8c9acdbca

SHA1
b92373ecbc9715d7c87e47ca1a11df2658a8132a

SHA256
894aeb533465976693f91167b9bfbc7bd0d64431e87514bb75248812b21d013f

SHA512
345e97336f341d7597ca7c335f815b79e12b416630a6ebbc6888da7f9e69ffae9fa838871e1556281a9b3dd70036f8b90bca7925bc153019b4fe52afc5717b50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\update\Immediatelyupdated-pressed.png

Filesize
1KB

MD5
ce33adab7b65e96c6f02bdd96e2af600

SHA1
9545ba409f79812e26d85a4c927616b08380046a

SHA256
b2cdf7f8ef72d88bef8535551c8705d9af2727dae5463485aff306bc09d0b5ed

SHA512
8dc7b4b10e1f51a28f832eef5ad170a092022eee7a1bc9e33f8f204a879ae78314a57dcf65fb73bfe639035ce433fbac551e862ccb8a800bd35b4bb14ef097df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\update\Immediatelyupdated-selected.png

Filesize
1KB

MD5
8876f4ce2bac0277743de2cb614a9c10

SHA1
ba440c59ce750253abf1e70d65b9847f74d447e0

SHA256
a37f3146d670078040eb826489806e7c09331a37a6e5a73046b2210aaed6b27f

SHA512
1bc2ff13bc8e7d41f963243588b65600e2b9102a7b731d392e843cdccf37a093577feb6f98844492ed9fc975354d1a533bfc89d9ecfebbee383a4685931f60c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\update\Nextupdate-normal.png

Filesize
795B

MD5
39f83eff96b265ea76d1431e879b37da

SHA1
20e55b0e9f1c83c00f2ee0edc5c86a8fa82cc4fa

SHA256
24a7ef6c08d8970500319bc3386e21e9a1e9929c75ee83c5877b6037d8d51402

SHA512
4716027e6609c74d1ebfcb63912d89e9650e59dbe2dd9b9a6c4d47ff69ce625443fe4ddf24aff53bf7cb1d01df7ba029f91c4f1844980f37bf0c68c1a4cf4c44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\update\Nextupdate-pressed.png

Filesize
792B

MD5
a1a557e491168422b270a84c598b0e3f

SHA1
aff46541b2adc958fe25a057b9a69db84e3fae55

SHA256
ec70ce2a12dadfefba7c988436ec86c6823ba883a1ff98737f94371f22b7be3a

SHA512
d58237f989aac965eb98ff8a685903c4d03eb9080da7dc471ed3f3bae4c0b73c683f7d893bc0babc0f50d373fae8d089c4555debecc157e9bed458ee956addc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\update\Nextupdate-selected.png

Filesize
854B

MD5
25d6ca9afa906e5ac3a3286c8e94eb60

SHA1
a189d91ef94fa783016419ef66f39995105485ea

SHA256
15303a08b6864d68510c4349e80f13f0e71591e6e3685dd8a4509b1d5fe6e069

SHA512
7ddc81d0091f3bd80f15f4fc04889bf5a198fc5a37316fde8de598b5a4a9f974793967d1bdfb53a705ceb4619de29f210076fd308cdfed6d7969949cab228dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\update\update_finish.png

Filesize
11KB

MD5
931963a8c5adf689aff9c1b46387d4e3

SHA1
f689b434c7c7f5e126b934fbab0e41bb2fb9b113

SHA256
b5eb925db60379f1cbf25944c2b1e2d1bc2a049b2b6c812386970855685a73dc

SHA512
5af751fd4f4d654c7dd84ceadb949039f8758d7c0c6fdf804d63a964f1a9df3e2ec5a5fecc90c3bdaf959a7094d6da266704cd1fec22fe697784fdcae26bd752

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\update\update_setup.png

Filesize
11KB

MD5
78673aa912112c6b839e972f23218de7

SHA1
fb81ba0589158ad1ff22c9f79a3c1feace45789d

SHA256
2ff43d7b84134a4ba020a43d55350fe11cc314e934eda335c180c8d01b9d757a

SHA512
9d63066519d76add10df0c5ec0ee2a6ec828f7e4ae43f672e71b594eba379d06dea2906f12061947237575c9fc513007c0dd0f48cf0790e277fdc3445c0537fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dui\updateok.xml

Filesize
1KB

MD5
05c1889b1c72f3e88e1519e345deb0a2

SHA1
31990bb3c8dbd1e56046e71bb034905d8639295b

SHA256
c3fd4602f3fdbc14aac583c1615ea4a67f333468af95151182a825457ef70688

SHA512
51f66e7b2aea1843fdae20f9452ad6a41cb1823c0be983ab6beeabac2c97001ab33e5177172435dceb21a1a5d0960b205a9376c206e4f68115b3d58920d2183d

Download Submit
memory/3352-0-0x0000000002D20000-0x0000000002D21000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads