Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-12-2023 19:44

General

  • Target

    #𝔾𝕍 ℂ𝕃𝕀𝔼ℕ𝕋 π•πŸ›.𝟝.bat

  • Size

    20KB

  • MD5

    a7793c10f4e024c789964be67375ab2a

  • SHA1

    988d0af9a4ca435dd084ce541a250f6ba57f590a

  • SHA256

    770eedd081641838d18c615b60ea2658febcb6bb19a35a0fe1c569eeedb8026d

  • SHA512

    50e2b5c410fc1d865f446214bfc655ca64fcd17bde6e840f89bf4ecd2970203a173fc0d388a18cfd838b61bea397c0c9c851d7c946ec8d4343787162cd772f83

  • SSDEEP

    384:QNJuPLwF+5InJhMFcJqJ+C7inKvcO3oF57talCp1h2wHdpIhG/8J/D8Au99mmBkn:CJuT48InJhMFcJqJ+C7inKvcO3oF57tO

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Opens file in notepad (likely ransom note) (1 IoCs)
  • Runs ping.exe (1 TTPs, 1 IoCs)
  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\#𝔾𝕍 ℂ𝕃𝕀𝔼ℕ𝕋 π•πŸ›.𝟝.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2568
    • C:\Windows\system32\cacls.exe
      "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
      2⤵
      PID:1652
    • C:\Windows\system32\notepad.exe
      notepad.exe C:\Users\Admin\AppData\Local\Temp\HOW_TO_USE.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:3020
    • C:\Windows\system32\PING.EXE
      ping -n 5 127.0.0.1
      2⤵
      • Runs ping.exe
      PID:2580

Network

MITRE ATT&CK Enterprise v15
