Overview

overview

7

Static

static

1

brave.bat

windows7-x64

1

brave.bat

windows10-2004-x64

1

brave.ps1

windows7-x64

1

brave.ps1

windows10-2004-x64

1

brave.vbs

windows7-x64

3

brave.vbs

windows10-2004-x64

7

notepad.bat

windows7-x64

1

notepad.bat

windows10-2004-x64

1

notepad.ps1

windows7-x64

1

notepad.ps1

windows10-2004-x64

1

notepad.vbs

windows7-x64

3

notepad.vbs

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2023, 11:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    brave.bat

  • Size

    253B

  • MD5

    cb4f8bad62ca4f8abaa4f756fc8eb445

  • SHA1

    f90371d91dc50c77b226be58734905975134ea02

  • SHA256

    c4fae8ee516d3a293d72ce274f065bde2c7098c8f067d76f0aa1dc4bbd4dde9a

  • SHA512

    12c8135a6544667f2d83b744fc97d148062640fdcbfcd84d9f063e34fd09404c50acf2784a861ab31c696e08276ddad75814e00164ae084b756e05090ff380e8

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\brave.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:884
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\Users\Public\brave.ps1"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3052-4-0x000000001B3D0000-0x000000001B6B2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/3052-5-0x0000000002040000-0x0000000002048000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3052-6-0x000007FEF5EA0000-0x000007FEF683D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3052-7-0x00000000029A0000-0x0000000002A20000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3052-8-0x00000000029A4000-0x00000000029A7000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3052-9-0x000007FEF5EA0000-0x000007FEF683D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3052-10-0x000007FEF5EA0000-0x000007FEF683D000-memory.dmp

    Filesize

    9.6MB

    Download