Overview

overview

3

Static

static

1

yes.bat

windows7-x64

3

yes.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27-02-2024 17:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    yes.bat

  • Size

    4KB

  • MD5

    0ce7a6b2c21f3f15472a20687662625e

  • SHA1

    93d69bad32ba246f22ea02a5f5696c34aea292c0

  • SHA256

    89fe592e5b40bdd0ff3850893f50d3e178efa6bfaeb7dc64fba4a7d3841327a2

  • SHA512

    6d5ebcb5c38b2d56627daaf9b7f262bb95d1dc6871214c207c2daec3f95464f69e50ee70480c97cc4ce1e343a61b3f2c4d49c8b1fefa73ac8b81d20287aa9763

  • SSDEEP

    96:krExshDl8df//RcjGgydEDUjZzDffL5oEr6nriXoUi:kreshDetJcjTqEDUjZzbfL5KriYUi

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Kills process with taskkill 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 45 IoCs
    adwarespyware
  • Runs ping.exe 1 TTPs 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 50 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\yes.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Windows\system32\mode.com
      mode 75, 30
      2⤵
        PID:3004
      • C:\Windows\system32\chcp.com
        chcp 65001
        2⤵
          PID:2680
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          powershell exit
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:2248
        • C:\Windows\system32\cmd.exe
          cmd /c "mode 40, 15 && title Scanning Ports... && PortScanner.exe hosts="" ports=0>>portscan.txt"
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:2732
          • C:\Windows\system32\mode.com
            mode 40, 15
            3⤵
              PID:2196
          • C:\Windows\system32\PING.EXE
            ping localhost -n 5
            2⤵
            • Runs ping.exe
            PID:2424
          • C:\Windows\system32\taskkill.exe
            taskkill /im PortScanner.exe /f
            2⤵
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:2192
          • C:\Windows\system32\PING.EXE
            ping localhost -n 1
            2⤵
            • Runs ping.exe
            PID:2292
          • C:\Windows\system32\cmd.exe
            cmd /c "mode 40, 15 && title Scanning Ports... && PortScanner.exe hosts="" ports=0>>portscan.txt"
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:868
            • C:\Windows\system32\mode.com
              mode 40, 15
              3⤵
                PID:2376
            • C:\Windows\system32\PING.EXE
              ping localhost -n 5
              2⤵
              • Runs ping.exe
              PID:556
            • C:\Windows\system32\taskkill.exe
              taskkill /im PortScanner.exe /f
              2⤵
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:2316
            • C:\Windows\system32\PING.EXE
              ping localhost -n 1
              2⤵
              • Runs ping.exe
              PID:1272
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe" https://hardstresser.com/
              2⤵
              • Modifies Internet Explorer settings
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:940
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:940 CREDAT:275457 /prefetch:2
                3⤵
                • Modifies Internet Explorer settings
                • Suspicious use of SetWindowsHookEx
                PID:1704
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:940 CREDAT:537605 /prefetch:2
                3⤵
                • Modifies Internet Explorer settings
                • Suspicious use of SetWindowsHookEx
                PID:1084

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_91363364208F5CFFAABFD122AF4FD6BD
            Filesize

            472B

            MD5

            19e7d3dca6ace4a551e6fe07a3851933

            SHA1

            265e6299ed7d8b3c839cf668b2f01073cb694db4

            SHA256

            789bb7293eaac3281ca014b5e0ae459e0f9668ada1dc95c757bf5703ce8b0185

            SHA512

            b2625101e1baf9536c0abcfca9d1f1a2814130bdd55ea87f5dc6bf1279ef9e3de23c07d83f50ab190f257848c239273e051629055b76cd8b42b08fb376ea312a

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            fc552085f1e67187a60f2aca2899ab20

            SHA1

            11ed337c50c537209c088c003ccf04054f38723f

            SHA256

            46d94b6f5711e535d1f18b9386af68618bc069d6fa8cd07cbd93aa669b676b6a

            SHA512

            bc16ba756d6c89141a37d550a690e8bfb5c4ebcbf1fe82ec54b715439ec6dade578ef6d0055d34d203bd98ddf5f9c2a5e51835d8517c06155cb1d17161ce4330

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            b5f2021133baddadaa8649abc8edc085

            SHA1

            18d13c43c70a144298b83fd71d3b88693f065914

            SHA256

            864f13f01fdc2e3a057eccb532789846bc00b17a6e22735aa012ee8f23120399

            SHA512

            c23816143142659b026f7a749a1e3c1a31af3e5b64b913adf70f16bf1093adde797c4f077f946167d3958d6238f97966755b1fa76f04e917724d94f538b35937

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            2217df3ce3549e1f04d1cbc5eed41932

            SHA1

            6154de86d96ebac58ecf9fb2970714d13ac18670

            SHA256

            953273a03c21676986c872cfd6eae20aa0984709a182103e83607b8f589a2da0

            SHA512

            40fd8776b3dd8bd58c04827e963f14791cc781255586c06b2dbc31ac1aa18558827c201e402c036feacb73431059cabcace3c21236164bd8827b799840aa5908

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            766162a03f8a354d2cedfadea4f4d272

            SHA1

            aebf57c4ce640a2de94bef0bc0552d440fff9755

            SHA256

            6446bfcbb715fb33068c0311b39fa1ab9116525c09b6c7f84549427502e9b460

            SHA512

            7831c82aa4503909f740f5cacc67f0e3793c0f643c99f64eb3ecfe00c25f509fbf6e801a4cad582efd87c400c5ee3a2211d287425b5619a84f83e99c495e6d4f

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            49e54066ce1aa174b48b09f29897570d

            SHA1

            6897c1f3981089ef3aebbdb8621403594577faf7

            SHA256

            f4dc7074849a0f8dc40e069f7c75df0f8c0723d6282fba5122fff724793a0fdc

            SHA512

            f603eb4432b12d9e95af39d04dbb3a2188bb12030bfe9e1e8e7a0696809f7d728ee60be872de13cf1eafcc64d277947de91e086a98d74e82441ad8bf8e169464

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            51cc434124948f05fff243afc77fe7df

            SHA1

            effab3df196de8590b1aa506648ef6a0e4935c5f

            SHA256

            59f129979cb8a249648a1fb4d60603438d9d80ef06ad2f04009766b91b6d517c

            SHA512

            72502eb4fef87b445599becb35b5c7aced383652a04783c303b80d4b15638e5a5aeb725de48ea18e73778a419e1afba951ff8add7149a3269bc8cb096d7543c2

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            e2b13e12a37726662be9b15baf12b84c

            SHA1

            0396c0c03b701e44c304ae506f4e5b5017ad8121

            SHA256

            ed92d84ae593e7060eb099f9bcff17a4bf461a0a1fe96779e1eadcb7bd451a0c

            SHA512

            121a37d9cb77c33ac8a3f0732173c1141782462fab747fdc10d496bb11d9115ed1712a8f68d9d6e7086aaef32c4990861e96b23676e6af7258e436d7d70acd7d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            380f79fbb67a20c9421c860cd8ffd324

            SHA1

            5ab1fc9e059f4a3f3136f31fa1a2e999393ba36a

            SHA256

            75d0f7c006625da8fbafc8a8e4f1b920b37c91b78474069b3bc4f1d29d61eef5

            SHA512

            91bb3c00d261fcdbdff0ff9ab92a708a9dc75905aa241164be92110371fa1e3a4ab5474c21cfc68027e7082e27e9b82586a865f741d94107cc1dad7f738caac1

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            0f107efec6f63d41ec49e2502097cd78

            SHA1

            4f67da1daf11d74f43348ccc90c9674a3afa91ac

            SHA256

            d1fee9897649695cb07215eab9244641baf7b5ac6201909fe5509448ee0dd0f2

            SHA512

            f371483423c232d339dae454dca9d9d14a01507e92ff47bc6624443fcdb197fb7153d363e3f0fe623672a016b97719be410bb6fe266fc2a57355b0b9c8418e17

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            ad7ec0823fad37b99eaf2c5d952871fc

            SHA1

            fd49d9da831b424446bdd344ed0b9a8f83f75a2d

            SHA256

            bf0e78a0350107b2233f499437efc5badfd881cf65cd0a5ff7a1baa987a76cfd

            SHA512

            ec24237efbab10838914ff0b776de7363fa6d7dbc1c209b41d31610fedf135e4e914535823c0426b05ff9dc6fa583a7647f240218d433628c039b61ec5fffe52

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            dcf5411004e4e01670fb1e3db9b1d79d

            SHA1

            a67dcc51e7059dea4bc9223668fbd7c66a1a0a86

            SHA256

            b844bf147fd7a06beb7f87e433267a36e05338df5b3256be92b01b6dc0a73eb6

            SHA512

            567672f3c37d199e1f2814fd49a1330114479c328ead3127e2771826ec5e70cb45b74e0fcd41ce875bda8a07e83d6df43db75df818b38ff1a5f48456eede1c4b

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            b6b2f3105a2649142398295747e568e9

            SHA1

            2519e8582f7acad13f7262be4ba8ab6184c3bdb0

            SHA256

            e575b629714c222b8e9906305b71aa1fec24168fd62817fac088a2ec87b171d9

            SHA512

            278a6fbf3bbcffaed3243a743775a53c8dc70346f2d2f81bf66a907e888c94e0bc6492fa73701f54d0a6b9dfc24d2d0941da51aad564a8f1b6f9c27143ca1dfd

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            898f954afc7693de46da6c97af2f671d

            SHA1

            4f7e5220520498c8a591b8f426a77cd4f318bfad

            SHA256

            024083710bff4049a23238627745e9d94882f89a00aba0901ed7832d633e20c5

            SHA512

            3a6ae1083569764646c5728ed69936e5aa5150b0d241223f3047873524d141a9f179d14b9f58b636fec3a4944e00b53d09fc7817ea6c1ab915cfbb3614b3e2a5

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            e65dd2bc692c84c9eafe5a51fa859572

            SHA1

            ed3957ffb2ec7cf1fd6a1891d2a34785fd2f513b

            SHA256

            212a130b8628ffd1015da42abc89df55dfc0a8ae4dd9eee495b81cd413f0016f

            SHA512

            b04892ddbff2e0ed968e15aaa7227180ea428fb848338066f5931861c5d844b0ec1aefe105434bd026e3492b3cb49f2cd89575ead157fbc5b2269fc1a3946055

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            fec43884aff647a72fb194afca14d261

            SHA1

            58c7d87eba5eec515f1dceb3a1789742e4bbd701

            SHA256

            2787ed031c692c0b379a477ef1ce8b9ac371897e23c99682acf2ccd64291cb10

            SHA512

            ee6c408247675a0d487a485bdaecee99093010b014e6293577334cdf235db3cbdc5408d4344dc5fe17fb0c54e6136da2b8c0b225f3b3e10c77da678a9468179a

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            26b47e90e8f7f172ffb9b8ed097e5985

            SHA1

            b7cfaf9bcf44467643059a8def5a1c32bea79ae5

            SHA256

            62513578d1a62ac71ae2abeee7a234378286dc635a6657962ec0080dae83cca5

            SHA512

            07a9ef307500ae15cbc80ed5d0c3cae04230bdb84fd708b9b9a90db39a9d7b974a5d7a8086831149ca038ba9e6b2d8f10cb7c8d6ee625b58f90d7061dff05d2f

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            97a891e1502b5b8691997682d0d2ce16

            SHA1

            ba6ed3e8f3486ef5803a0ea6e8df883e97abadae

            SHA256

            860dbd76d51236e952df3d6d7b9d22d5d3e77b7565ec2dc55fe41025246f51c3

            SHA512

            d5d4dcb1b4ab224a9afb51e2e3f956093e1e8fd5961512b316953241167dd81ef942d207d863732b6fed4dfffee169f371da82850a9aa964693c068f0f92a7ba

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_91363364208F5CFFAABFD122AF4FD6BD
            Filesize

            410B

            MD5

            32dec966c6f04a6a4e994e0cc86b154f

            SHA1

            acb01b23a2a9944274fc0bd566ee24df79b8baa4

            SHA256

            93b138c9b3ee48bfc5ed04efeeac5696f82d509fa1f42560aa5714f6a8a35661

            SHA512

            40d5fa0fa984db944a7a06ec94259cd5e64d862041fd7aa4e7bf63a2e9f9d817348c42fc83276cf995b7ac9d19afbfb17c4569a55df1126ed96c9441a6cd3217

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q905y6j\imagestore.dat
            Filesize

            12KB

            MD5

            1e78d97e215c912ae24cb4198e61ac73

            SHA1

            e0379333ce91e0e86edee94f2fb0b6f5d5abf3e4

            SHA256

            1474291061f1bb8bd468afb9d74ff5eb54316c432cb7c8ebd0a804117e5eb98c

            SHA512

            b5ddf57115738a6f05346ef79dd67b14c93ebb4475caa7240dd436a75becf9586cd47b99060b927ff49bc52047cd8d357ed83baa2477d220639b037464302c6c

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\favicon[1].png
            Filesize

            12KB

            MD5

            aee43846739cc61973e30e1900a5e83d

            SHA1

            7ddb3cd791712e5afdfc0443c1928d8f5b2a0646

            SHA256

            434e4269c543fe401265933e4542f9d6f7c5e7a5abf69549a49303eca6115e16

            SHA512

            c58c81e88fd764ed5ac3c7e407d02f7d7d959b0809cc383f35f6cdc2ad037453273e00c5dccb5d63417f7d35b18c6225e4a0c19dcda4ed1c33742a5314eaa349

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab456.tmp
            Filesize

            65KB

            MD5

            ac05d27423a85adc1622c714f2cb6184

            SHA1

            b0fe2b1abddb97837ea0195be70ab2ff14d43198

            SHA256

            c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

            SHA512

            6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar563.tmp
            Filesize

            171KB

            MD5

            9c0c641c06238516f27941aa1166d427

            SHA1

            64cd549fb8cf014fcd9312aa7a5b023847b6c977

            SHA256

            4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

            SHA512

            936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\~DF6FBCDD40E0BE8F94.TMP
            Filesize

            16KB

            MD5

            9800476ec8bd264e319273d7d5094a19

            SHA1

            e53369ad75182a473aca13f117c11c6b5b506ba0

            SHA256

            5137f4224ab2816216b4a93c8e867a861d42561beda6438e7fcc6960966532ee

            SHA512

            6030fba569cc4b345f867c07e3ebf47b7ae166d3ba6a9c294fe86107732988c848fc458ba5058110ad4d15e5eb7d2909cde9640259a8c431c700e89ed76ccbe1

            Download Submit

          • memory/2248-10-0x000000000270B000-0x0000000002772000-memory.dmp

            Filesize

            412KB

            Download

          • memory/2248-11-0x000007FEF5F50000-0x000007FEF68ED000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2248-9-0x0000000002700000-0x0000000002780000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2248-8-0x000007FEF5F50000-0x000007FEF68ED000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2248-7-0x0000000002700000-0x0000000002780000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2248-6-0x000007FEF5F50000-0x000007FEF68ED000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2248-5-0x0000000002490000-0x0000000002498000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2248-4-0x000000001B1C0000-0x000000001B4A2000-memory.dmp

            Filesize

            2.9MB

            Download