98a90912b0248bb92b56ef2d36dae84cedccee87342ac0342b571af44ccdf085

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
27/11/2023, 11:16

Target

brave.bat
Size

253B
MD5

cb4f8bad62ca4f8abaa4f756fc8eb445
SHA1

f90371d91dc50c77b226be58734905975134ea02
SHA256

c4fae8ee516d3a293d72ce274f065bde2c7098c8f067d76f0aa1dc4bbd4dde9a
SHA512

12c8135a6544667f2d83b744fc97d148062640fdcbfcd84d9f063e34fd09404c50acf2784a861ab31c696e08276ddad75814e00164ae084b756e05090ff380e8

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3052	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3052	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 3052	884	cmd.exe	29
PID 884 wrote to memory of 3052	884	cmd.exe	29
PID 884 wrote to memory of 3052	884	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\brave.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:884
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\Users\Public\brave.ps1"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3052

memory/3052-4-0x000000001B3D0000-0x000000001B6B2000-memory.dmp

Filesize
2.9MB

Download
memory/3052-5-0x0000000002040000-0x0000000002048000-memory.dmp

Filesize
32KB

Download
memory/3052-6-0x000007FEF5EA0000-0x000007FEF683D000-memory.dmp

Filesize
9.6MB

Download
memory/3052-7-0x00000000029A0000-0x0000000002A20000-memory.dmp

Filesize
512KB

Download
memory/3052-8-0x00000000029A4000-0x00000000029A7000-memory.dmp

Filesize
12KB

Download
memory/3052-9-0x000007FEF5EA0000-0x000007FEF683D000-memory.dmp

Filesize
9.6MB

Download
memory/3052-10-0x000007FEF5EA0000-0x000007FEF683D000-memory.dmp

Filesize
9.6MB

Download