Overview

overview

1

Static

static

1

Launch.bat

windows7-x64

1

Launch.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-02-2024 15:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Launch.bat

  • Size

    19KB

  • MD5

    87739439d2217d83e15f1389549e41c9

  • SHA1

    567be03f8cf4425de8e1e5c274efc959d54ca231

  • SHA256

    c281b1d9b9d1f59fbde5d9042295fce56f7d4040fb3ef6fc389f0a49d5c53eac

  • SHA512

    bcae0632fecb4ab8a4a4715d022eb800020361e930102310c5631c7bdf28ddcaf382084bc20b64b9094cd9d68383b9e3db5ab9aec993181b74e1a4635f342254

  • SSDEEP

    384:UHpBGx8L4FUsPEBcM+6Rdi5jsTnE7H8r2:WpBGx88FUsPf6Rg5j4EHB

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Launch.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4960
    • C:\Windows\system32\chcp.com
      chcp.com 437
      2⤵
        PID:1368
      • C:\Windows\system32\find.exe
        find
        2⤵
          PID:1316
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c type tmp
          2⤵
            PID:3332
          • C:\Windows\system32\find.exe
            find
            2⤵
              PID:2320
            • C:\Windows\system32\findstr.exe
              findstr /L /I set C:\Users\Admin\AppData\Local\Temp\Launch.bat
              2⤵
                PID:4932
              • C:\Windows\system32\findstr.exe
                findstr /L /I goto C:\Users\Admin\AppData\Local\Temp\Launch.bat
                2⤵
                  PID:1168
                • C:\Windows\system32\findstr.exe
                  findstr /L /I echo C:\Users\Admin\AppData\Local\Temp\Launch.bat
                  2⤵
                    PID:2524
                  • C:\Windows\system32\findstr.exe
                    findstr /L /I pause C:\Users\Admin\AppData\Local\Temp\Launch.bat
                    2⤵
                      PID:3212
                    • C:\Windows\system32\cmd.exe
                      C:\Windows\system32\cmd.exe /c type tmp
                      2⤵
                        PID:4708

                    Network

                    MITRE ATT&CK Matrix

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Temp\tmp
                      Filesize

                      14B

                      MD5

                      ce585c6ba32ac17652d2345118536f9c

                      SHA1

                      be0e41b3690c42e4c0cdb53d53fc544fb46b758d

                      SHA256

                      589c942e748ea16dc86923c4391092707ce22315eb01cb85b0988c6762aa0ed3

                      SHA512

                      d397eda475d6853ce5cc28887690ddd5f8891be43767cdb666396580687f901fb6f0cc572afa18bde1468a77e8397812009c954f386c8f69cc0678e1253d5752

                      Download Submit