Analysis
- Max time kernel: 117s
- Max time network: 123s
- Platform: windows7_x64
- Resource: win7-20231020-en
- Resource tags: arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
- Submitted: 05-12-2023 17:55
Static task
- static1

Behavioral tasks (sample / resource)
- behavioral1: stodio.bat / win7-20231020-en
- behavioral2: stodio.bat / win10v2004-20231130-en
- behavioral3: stodio.ps1 / win7-20231201-en
- behavioral4: stodio.ps1 / win10v2004-20231130-en
- behavioral5: stodio.vbs / win7-20231201-en
- behavioral6: stodio.vbs / win10v2004-20231130-en
- behavioral7: zilla.bat / win7-20231130-en
- behavioral8: zilla.bat / win10v2004-20231127-en
- behavioral9: zilla.ps1 / win7-20231023-en
- behavioral10: zilla.ps1 / win10v2004-20231127-en
- behavioral11: zilla.vbs / win7-20231023-en
- behavioral12: zilla.vbs / win10v2004-20231127-en
General
- Target: stodio.bat
- Size: 240B
- MD5: eb7ab095198f2ac4bfce548fa5768f0a
- SHA1: b2dfb2748f62fb6e9a4ea1318d1a0349abf7bafe
- SHA256: 0ee0bc61ef4263ca51688526a68cfe9a18dcb665b83fe7c61fbf03624804cc91
- SHA512: 9a61567e119ee5f425d41a7ac93097de5094b1c955ee8d845a3384800629658ec979660d36c366dbc620906b4444ca4f80262dcd634bb8b7e9a58ba71e015170
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  Process: powershell.exe (PID 2256)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Process: powershell.exe (PID 2256), token: SeDebugPrivilege
- Suspicious use of WriteProcessMemory (3 IoCs)
  Process: cmd.exe (PID 2136) wrote to the memory of powershell.exe (PID 2256), recorded three times
Processes
1. C:\Windows\system32\cmd.exe (PID 2136)
   Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\stodio.bat"
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (PID 2256, child of PID 2136)
      Command line: powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command "& 'C:\Users\Public\stodio.ps1'"
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken