9f4189a5317da63ebdd502c9a26f9f4f7661d4354f83c3be36e60a33fa93a067

Analysis

max time kernel
8s
max time network
25s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
21/02/2024, 15:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

data/flutter_assets/assets/matchmaker/kill.bat
Size

81B
MD5

01e59733fd15aa3f749ed9f269898aff
SHA1

63d7c68d9e1335d452b9d72329c8ad146762df96
SHA256

4c6e68ed54e514fd61a334c3c03b2eedcc840aa0d861aafe8b3cd8de63079568
SHA512

c32ed6d3818c57cf956d94084eb8397dee3baccc0321e789d0b77f1cd3a214e4458bee6ba408a52cddcb678ece5c8ab69c62a391f8d388edefc60e0fd39fdf90

Score

1^/10

Malware Config

Signatures

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2076	NETSTAT.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2076	NETSTAT.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 4560	2380	cmd.exe	73
PID 2380 wrote to memory of 4560	2380	cmd.exe	73
PID 4560 wrote to memory of 2076	4560	cmd.exe	74
PID 4560 wrote to memory of 2076	4560	cmd.exe	74
PID 4560 wrote to memory of 4536	4560	cmd.exe	75
PID 4560 wrote to memory of 4536	4560	cmd.exe	75

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\data\flutter_assets\assets\matchmaker\kill.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c netstat -aon | find ":8080"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4560
- - C:\Windows\system32\NETSTAT.EXE
    netstat -aon
    3⤵
    - Gathers network information
    - Suspicious use of AdjustPrivilegeToken
    PID:2076
- - C:\Windows\system32\find.exe
    find ":8080"
    3⤵
    PID:4536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads