Analysis

  • max time kernel
    139s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-03-2024 20:45

General

  • Target

    conditionalbytes.bat

  • Size

    3KB

  • MD5

    a8918f1cd71c29e870e6cbc3edb78ff4

  • SHA1

    af69a1626d4256f640349b9e3aa6b7ddd4d30c6e

  • SHA256

    97955878a45009a3dabaee453b8268757ec1b9ded1525fcb80466cf334d5137f

  • SHA512

    815e5358869632f21596ae0a5b6a5a0034a0053acfe67e3fdd2363c5620af6285e07daed734b3979696df3eb024c5041368a1d6e8f49bd44d8488a25012031b0

Malware Config

Signatures

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

  • Gathers system information 1 TTPs 1 IoCs

    Runs systeminfo.exe.

  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\conditionalbytes.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2496
    • C:\Windows\system32\systeminfo.exe
      systeminfo
      2⤵
      • Gathers system information
      PID:1004
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c find "System Type" C:\Users\Admin\AppData\Local\Temp\sysinfo.txt
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:448
      • C:\Windows\system32\find.exe
        find "System Type" C:\Users\Admin\AppData\Local\Temp\sysinfo.txt
        3⤵
        PID:368
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c find "OS Name" C:\Users\Admin\AppData\Local\Temp\sysinfo.txt
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4604
      • C:\Windows\system32\find.exe
        find "OS Name" C:\Users\Admin\AppData\Local\Temp\sysinfo.txt
        3⤵
        PID:5084
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" ECHO x64-based PC "
      2⤵
      PID:1932
    • C:\Windows\system32\find.exe
      find "64"
      2⤵
      PID:4428
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3780 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:4548

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\sysinfo.txt
    • Filesize
      2KB
    • MD5
      d72b4aa5520a71660417ccd03b8d07ab
    • SHA1
      d581bb511d82ef78b4d0522517ff595019c57071
    • SHA256
      33521023c6d587df0bb684a6e97f092d669fdefbfa2756bb33a4455745381586
    • SHA512
      dfced019367bd0bb4dcd7ad4a7fed5ed7cd7595ef5c898abbf0660e8380b2853f620f2ba558bf3a8541198b054dc45b20d977d55ccb603263e9b15c55abcc302