Overview

overview

7

Static

static

7

1.vbs

windows7-x64

1

1.vbs

windows10-2004-x64

1

3.bat

windows7-x64

1

3.bat

windows10-2004-x64

1

3.vbs

windows7-x64

3

3.vbs

windows10-2004-x64

3

bho.exe

windows7-x64

3

bho.exe

windows10-2004-x64

3

t2.exe

windows7-x64

7

t2.exe

windows10-2004-x64

7

test.exe

windows7-x64

7

test.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2023 08:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3.bat

  • Size

    1KB

  • MD5

    598a85adc5bbc3928454260ab745e7a7

  • SHA1

    0f7a67b353ffc10efb2557ce60032a994cd149ab

  • SHA256

    d6b54f6dcf009752cff0d57f70c0f91a8678e611d083a8d1c9bed35e7df4924d

  • SHA512

    c66eb5f9057eaf5152405478c1e13252b96e4d332ef408f1c155c2513009d1da72995465fe3d8aaee7a65871521a662c2d942f82fbd617fce24f69815d91e5dc

Score
1/10

Malware Config

Signatures

  • Modifies registry class 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\reg.exe
    reg del "HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command" /v
    1⤵
      PID:808
    • C:\Windows\system32\reg.exe
      reg add "HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command" /v "" /d "C:\Program Files\Internet Explorer\iexplore.exe http://www.006dh.com/?cnfree" /f
      1⤵
      • Modifies registry class
      PID:4792
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\3.bat"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2704

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads