fb8f0ad44b477f5baf24fa26a61296f61f5e6e3cc1141ec82978be3afdf02faa

Analysis

max time kernel
91s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 09:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Valorant Optimization Pack - OGTech/4. Clean-Ups/Clear DNS Cache (Ping Improve).cmd
Size

99B
MD5

f0deed8e4300ddeae9a411eb67a8570a
SHA1

6ef6b925476d5812a8a41c1c44605d091e4bef69
SHA256

e22e3df20ba829d68412f37848ef23faf72927f529de22f5e5c127488d2724b3
SHA512

bc51c3069e781317807a731b10074401c8f738e5bb0fb5bb39071c9b18878e128dcd1efb79e78852dc8f1f74311de4d9a63ee3fd21f734d98d9851faafb6138c

Score

1^/10

Malware Config

Signatures

Gathers network information 2 TTPs 3 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
3700	ipconfig.exe
2508	ipconfig.exe
3076	ipconfig.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 3700	2012	cmd.exe	86
PID 2012 wrote to memory of 3700	2012	cmd.exe	86
PID 2012 wrote to memory of 2508	2012	cmd.exe	87
PID 2012 wrote to memory of 2508	2012	cmd.exe	87
PID 2012 wrote to memory of 3076	2012	cmd.exe	88
PID 2012 wrote to memory of 3076	2012	cmd.exe	88

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Valorant Optimization Pack - OGTech\4. Clean-Ups\Clear DNS Cache (Ping Improve).cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\system32\ipconfig.exe
  ipconfig /flushdns
  2⤵
  - Gathers network information
  PID:3700
- C:\Windows\system32\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2508
- C:\Windows\system32\ipconfig.exe
  ipconfig /renew
  2⤵
  - Gathers network information
  PID:3076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...