Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
03/01/2024, 14:16
General
-
Target
EV去除录屏检测工具v2.81/EV去除录屏检测工具v2.81/关闭系统杀毒.bat
-
Size
1KB
-
MD5
7901cb31a047e5882333715d239c6891
-
SHA1
3ca110edeefef8ff25deff6f7107208d5b5fb216
-
SHA256
32906fd9d02aa0bbaa29f45351f189d2581f1c843a5ded22e9e3b11eb18a6ff2
-
SHA512
7f23d20fe6067b502dc742c5b609b327583d17fa1c3497a820f9f49670240b98e26281d4209794013bf47aaffd7c67c5bf1527af9ddb25ac6db43bf6eb5b3bcc
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\EV去除录屏检测工具v2.81\EV去除录屏检测工具v2.81\关闭系统杀毒.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\mshta.exe vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c C:\Users\Admin\AppData\Local\Temp\EVV2~1.81\EVV2~1.81\2873~1.BAT ::","","runas",1)(window.close)2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: CmdExeWriteProcessMemorySpam
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\EVV2~1.81\EVV2~1.81\2873~1.BAT ::3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\choice.exechoice /c 12 /n /m "╟δ╩Σ╚δ╤í╧εú¿1╗≥2ú⌐ú║"4⤵
-
-
-