Analysis

  • max time kernel
    157s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-03-2024 19:46

General

  • Target

    WindowsEnabler.bat

  • Size

    5.1MB

  • MD5

    5cf9d59d76f27d6d3cf1c35c34ba3b19

  • SHA1

    58e0ad6ed6697decb0b3cc0ecf053d248f8b60e0

  • SHA256

    565a83aceb2ba15250fd18b5c1b4701cf6d02398a1a47c9ac222341656f9db10

  • SHA512

    4d121b13db7d2a4ee08e87bc952efbf2278c45107c49bf81b2cfd4b5ccf5bcdb9d8382839d588721725f389338e5f71251d36a1f31c02a6e4c0afa92c1b3e433

  • SSDEEP

    24576:EVcksZhAsxYu9bEUt4Qa1CFQa5Z4tp5ljbjvGr2BBgfretKRxMp+hrQB0eJM2a8K:WSbESV0MFJnucAktSD0kngP+32Oa

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\WindowsEnabler.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5012
    • C:\Windows\system32\findstr.exe
      findstr /e "'v" "C:\Users\Admin\AppData\Local\Temp\WindowsEnabler.bat"
      2⤵
        PID:2364
      • C:\Windows\system32\cscript.exe
        cscript //nologo C:\Users\Admin\AppData\Local\Temp\x.vbs
        2⤵
          PID:1084
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:1252

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\x
          Filesize

          4KB

          MD5

          adbf526e1c7aa7db4afb9160c723c6c9

          SHA1

          b359707c60760a955845d360cd0595ec19448ee3

          SHA256

          51123e4dfd33d77588bb6d21d4dd314ecd0b2fcc9c62afc6d06cc2f48fdf8000

          SHA512

          8dc1d73f7bbd6cb310925333e249c81ca6ad670cea875c7ad578b9961ec782759093d12d1223ecce8faa953f91712a2d5aa5a7af1d515ada022e91ac4bffa466