Overview

overview

7

Static

static

3

BatchFiles.exe

windows7-x64

7

BatchFiles.exe

windows10-2004-x64

7

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13-03-2024 19:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BatchFiles.exe

  • Size

    2.1MB

  • MD5

    d72a038cd1f874bd038bbd4047351b8d

  • SHA1

    b53ac279cdc5f6e01fbc350b943abfae2476d0df

  • SHA256

    40cb1a3c88b619984a4562e4fc8e4a6b71c7c6f402b586bf99a88560b0d1a3f2

  • SHA512

    3a36e4951257f808055f7853fda707ac608f3a14e7c8997310cd4026603af5db55a2adc16a3db184ca007d7814618eb6e8c65012407f552831ca78c13586b8ac

  • SSDEEP

    49152:H221BTRryZIj1EY7raiV03WGWxDzRM9+ogZqySwr7GKh1:WqXMaixYDzi9+oe7r

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BatchFiles.exe
    "C:\Users\Admin\AppData\Local\Temp\BatchFiles.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2056
    • C:\Users\Admin\AppData\Local\Temp\is-MUUJV.tmp\BatchFiles.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-MUUJV.tmp\BatchFiles.tmp" /SL5="$400F4,1980055,54272,C:\Users\Admin\AppData\Local\Temp\BatchFiles.exe"
      2⤵
      • Executes dropped EXE
      PID:2196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-MUUJV.tmp\BatchFiles.tmp
    Filesize

    694KB

    MD5

    f0ccfb46f867443700d31c969bdcf552

    SHA1

    f2474d5d7a906de3bc3381ca79bb1ea60f0d6697

    SHA256

    54bb849d30567d5f10ac359f8b503732a3fcd76ad7cc72007eab843b784367bb

    SHA512

    71c7de53d1db03f1149c3e82fd92842cbd284d17c981267b20290f8d54baf2b578f7830f64eb5308c82cf4aff4f1937586624c2769da74a463c8d4ebdcbe45ee

    Download Submit

  • memory/2056-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2056-10-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2196-8-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2196-9-0x0000000000400000-0x00000000004BD000-memory.dmp

    Filesize

    756KB

    Download