Analysis

  • max time kernel
    87s
  • max time network
    95s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win11-20231215-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    24-12-2023 04:10

General

  • Target

    kevinn.bat

  • Size

    3KB

  • MD5

    353029698b5eb569fddc1dcc7a75f458

  • SHA1

    7ab8ad9f5fed08ced5dec12054c4150acdd8a8c8

  • SHA256

    7c8cf3c22136bb3fedd11a2b46165350e62041d5873d79d8a9d39d6edbd45750

  • SHA512

    a9790bf662e790832dd81f4147d7d11ebcb533f3117b9f0a28ab98549ce5e81609bab62638cf1085d69018c4e7f8cd261795c002be9ee74daa57d7dcd2d4b710

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 26 IoCs
  • Views/modifies file attributes 1 TTPs 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\kevinn.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5072
    • C:\Windows\system32\attrib.exe
      attrib +h C:\Users\Admin\AppData\Local\Temp\kevinn.bat
      2⤵
      • Views/modifies file attributes
      PID:2836
    • C:\Windows\system32\attrib.exe
      attrib +h /s /d
      2⤵
      • Views/modifies file attributes
      PID:3064
    • C:\Windows\system32\cipher.exe
      cipher /e /s /a
      2⤵
      PID:2292
    • C:\Windows\system32\attrib.exe
      attrib +h /s /d
      2⤵
      • Views/modifies file attributes
      PID:2768
    • C:\Windows\system32\cipher.exe
      cipher /e /s /a
      2⤵
      PID:544
    • C:\Windows\system32\attrib.exe
      attrib +h /s /d
      2⤵
      • Views/modifies file attributes
      PID:4424
    • C:\Windows\system32\cipher.exe
      cipher /e /s /a
      2⤵
      PID:3616
    • C:\Windows\system32\attrib.exe
      attrib +h /s /d
      2⤵
      • Views/modifies file attributes
      PID:224
    • C:\Windows\system32\cipher.exe
      cipher /e /s /a
      2⤵
      PID:3936
    • C:\Windows\system32\attrib.exe
      attrib +h /s /d
      2⤵
      • Views/modifies file attributes
      PID:5028
    • C:\Windows\system32\cipher.exe
      cipher /e /s /a
      2⤵
      PID:4940
    • C:\Windows\system32\attrib.exe
      attrib +h /s /d
      2⤵
      • Views/modifies file attributes
      PID:2316
    • C:\Windows\system32\cipher.exe
      cipher /e /s /a
      2⤵
      PID:1608

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\Downloads\do not close.txt

    Filesize
    132B

    MD5
    460791485d870c39dc5273ea2ddfc119

    SHA1
    a247fb46e29831ebea2c4984061a1c80ed67295f

    SHA256
    257ea28c54cdb0fea4cb56dd97067978cde53585872fe22eb6f152d20bff1251

    SHA512
    e64ef367731ba22232fb1112aeafc0f2098a05321098f481d45e6e10b74ff645ed644c8c511e5cfafcf16e0da9c91c2641ed5aa8f6fbb36a43445d013f0e3e52