Overview

overview

10

Static

static

1

stodio.bat

windows7-x64

1

stodio.bat

windows10-2004-x64

1

stodio.ps1

windows7-x64

10

stodio.ps1

windows10-2004-x64

10

stodio.vbs

windows7-x64

3

stodio.vbs

windows10-2004-x64

7

zilla.bat

windows7-x64

1

zilla.bat

windows10-2004-x64

1

zilla.ps1

windows7-x64

1

zilla.ps1

windows10-2004-x64

1

zilla.vbs

windows7-x64

3

zilla.vbs

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231130-en
  • resource tags

    arch:x64arch:x86image:win7-20231130-enlocale:en-usos:windows7-x64system
  • submitted
    05-12-2023 17:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    zilla.bat

  • Size

    239B

  • MD5

    fdfe802abefe653f23aeedf7762fa12a

  • SHA1

    f5b98a87c74c2919b9e27871ea8b4c2ce8acfad2

  • SHA256

    af3c368631fb276e5e2e97d082d0b1222ed0db7d327fc699f35106e071c7f33d

  • SHA512

    97ab620c439f3c715788a59925c00d224d47d06a5d7eec1786d6bcb0d66523532cadef9703a0488a597fdae6bf14e1817f0678bff7b824282f7ff70b6920e217

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\zilla.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command "& 'C:\Users\Public\zilla.ps1'"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2212-4-0x000000001B6B0000-0x000000001B992000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2212-6-0x000007FEF5640000-0x000007FEF5FDD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2212-5-0x0000000002310000-0x0000000002318000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2212-8-0x00000000028E0000-0x0000000002960000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2212-9-0x00000000028E0000-0x0000000002960000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2212-11-0x00000000028E0000-0x0000000002960000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2212-10-0x000007FEF5640000-0x000007FEF5FDD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2212-7-0x00000000028E0000-0x0000000002960000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2212-12-0x000007FEF5640000-0x000007FEF5FDD000-memory.dmp

    Filesize

    9.6MB

    Download