Analysis
- max time kernel: 120s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 05-03-2024 12:37
Static task
static1
Behavioral task
behavioral1
Sample
gen/Nameware Free Gen.bat
Resource
win7-20240221-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
gen/Nameware Free Gen.bat
Resource
win10v2004-20240226-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
gen/Nameware Free Gen.bat
-
Size
35KB
-
MD5
b1e410d058e2461102b6855520e80a94
-
SHA1
eeda68322cedb7197dd341785290807b8b107620
-
SHA256
c4ded6b3e0af42138bfea1cbe8865a6b1d6604b64f4915ab7bce9aaeec8bef0e
-
SHA512
524cc8f0fe848240ef4bb3cdf1f033b62a4ee9b52b1dc6c15109ecaf96dd6d8f0c59565cc543b441f6e50bca9678e90f0ee204a324766b59c5da67126e4c8cec
-
SSDEEP
768:WQZlr38u/LOzTWyv+C42E42aSCghIcjH3oyjoyhPekLLokLL76VkLLHwkLDkLP9J:WQZlT8GLOzTWyv+C42E42aSCghIcjH3e
Score
6/10
Malware Config
Signatures
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 1 IoCs)
  flow 2, ioc discord.com
- Delays execution with timeout.exe (13 IoCs)
  timeout.exe PIDs: 1692, 2940, 1240, 1368, 2912, 1636, 2652, 3044, 2484, 1512, 2312, 2504, 3020
- Runs ping.exe (1 TTPs, 17 IoCs)
  PING.EXE PIDs: 2300, 2544, 2384, 2120, 2576, 2972, 3036, 2748, 2428, 1912, 1616, 2000, 2756, 2620, 2708, 2044, 2868
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Windows\system32\cmd.exe: cmd /c "C:\Users\Admin\AppData\Local\Temp\gen\Nameware Free Gen.bat" (PID:1812; Suspicious use of WriteProcessMemory)
  - C:\Windows\system32\chcp.com: chcp 65001 (PID:2952)
  - C:\Windows\system32\timeout.exe: timeout 2 (PID:3044; Delays execution with timeout.exe)
  - C:\Windows\system32\PING.EXE: ping localhost -n 1 (PID:2300; Runs ping.exe)
  - C:\Windows\system32\PING.EXE: ping localhost -n 1 (PID:2756; Runs ping.exe)
  - C:\Windows\system32\PING.EXE: ping localhost -n 1 (PID:2120; Runs ping.exe)
  - C:\Windows\system32\PING.EXE: ping localhost -n 1 (PID:2620; Runs ping.exe)
  - C:\Windows\system32\PING.EXE: ping localhost -n 1 (PID:2708; Runs ping.exe)
  - C:\Windows\system32\PING.EXE: ping localhost -n 1 (PID:2576; Runs ping.exe)
  - C:\Windows\system32\PING.EXE: ping localhost -n 1 (PID:2044; Runs ping.exe)
  - C:\Windows\system32\PING.EXE: ping localhost -n 1 (PID:2544; Runs ping.exe)
  - C:\Windows\system32\PING.EXE: ping discord.com (PID:2748; Runs ping.exe)
  - C:\Windows\system32\timeout.exe: timeout 0 (PID:2484; Delays execution with timeout.exe)
  - C:\Windows\system32\PING.EXE: ping www.paysafecard.com (PID:2428; Runs ping.exe)
  - C:\Windows\system32\timeout.exe: timeout 0 (PID:2504; Delays execution with timeout.exe)
  - C:\Windows\system32\PING.EXE: ping www.amazon.com (PID:1912; Runs ping.exe)
  - C:\Windows\system32\timeout.exe: timeout 0 (PID:1636; Delays execution with timeout.exe)
  - C:\Windows\system32\PING.EXE: ping play.google.com (PID:1616; Runs ping.exe)
  - C:\Windows\system32\timeout.exe: timeout 0 (PID:2940; Delays execution with timeout.exe)
  - C:\Windows\system32\PING.EXE: ping store.steampowered.com (PID:2972; Runs ping.exe)
  - C:\Windows\system32\timeout.exe: timeout 0 (PID:3020; Delays execution with timeout.exe)
  - C:\Windows\system32\PING.EXE: ping netflix.com (PID:3036; Runs ping.exe)
  - C:\Windows\system32\timeout.exe: timeout 0 (PID:2652; Delays execution with timeout.exe)
  - C:\Windows\system32\PING.EXE: ping www.spotify.com (PID:2868; Runs ping.exe)
  - C:\Windows\system32\timeout.exe: timeout 0 (PID:1512; Delays execution with timeout.exe)
  - C:\Windows\system32\PING.EXE: ping www.xbox.com (PID:2000; Runs ping.exe)
  - C:\Windows\system32\timeout.exe: timeout 0 (PID:1240; Delays execution with timeout.exe)
  - C:\Windows\system32\timeout.exe: timeout 1 (PID:2312; Delays execution with timeout.exe)
  - C:\Windows\system32\timeout.exe: timeout 2 (PID:1692; Delays execution with timeout.exe)
  - C:\Windows\system32\timeout.exe: timeout 2 (PID:1368; Delays execution with timeout.exe)
  - C:\Windows\system32\PING.EXE: ping www.google.com (PID:2384; Runs ping.exe)
  - C:\Windows\system32\timeout.exe: timeout 2 (PID:2912; Delays execution with timeout.exe)