Overview

overview

7

Static

static

3

TNod-1.4.2...ig.bat

windows7-x64

6

TNod-1.4.2...ig.bat

windows10-2004-x64

6

TNod-1.4.2...te.bat

windows7-x64

6

TNod-1.4.2...te.bat

windows10-2004-x64

6

TNod-1.4.2...er.bat

windows7-x64

6

TNod-1.4.2...er.bat

windows10-2004-x64

6

TNod-1.4.2...se.bat

windows7-x64

6

TNod-1.4.2...se.bat

windows10-2004-x64

6

TNod-1.4.2...le.exe

windows7-x64

6

TNod-1.4.2...le.exe

windows10-2004-x64

6

TNod-1.4.2...up.exe

windows7-x64

7

TNod-1.4.2...up.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    164s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 00:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TNod-1.4.2-Final-Portable/Config.bat

  • Size

    24B

  • MD5

    33558757b5064e42eb8e66caf7c0a084

  • SHA1

    654b9f27764f828ef985bbc0c5321f657d56d07e

  • SHA256

    1d51b84230f249b23e298a01faf34365e7d390cec578e3470a1899767f281324

  • SHA512

    d9dee1356afe5eeb58e82c4d70afa979cd21638cb0bea9c1692ba90866bf0654e53a7def4c1a7ebe52e1173d703167d91bfac6495ef6971ed8e55e8548a0b1f8

Score
6/10

Malware Config

Signatures

  • Checks for any installed AV software in registry 1 TTPs 1 IoCs
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\TNod-1.4.2-Final-Portable\Config.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Users\Admin\AppData\Local\Temp\TNod-1.4.2-Final-Portable\TNODUP-Portable.exe
      TNODUP-Portable /s
      2⤵
      • Checks for any installed AV software in registry
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2716-0-0x0000000000400000-0x00000000006F1000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2716-2-0x00000000001E0000-0x000000000020E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2716-3-0x0000000000290000-0x0000000000292000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2716-4-0x0000000000400000-0x00000000006F1000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2716-5-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2716-6-0x0000000000400000-0x00000000006F1000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2716-7-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2716-1-0x00000000001E0000-0x000000000020E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2716-11-0x0000000000400000-0x00000000006F1000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2716-9-0x0000000000400000-0x00000000006F1000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2716-13-0x0000000000400000-0x00000000006F1000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2716-14-0x0000000000400000-0x00000000006F1000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2716-15-0x0000000000400000-0x00000000006F1000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2716-16-0x00000000001E0000-0x000000000020E000-memory.dmp

    Filesize

    184KB

    Download