Overview

overview

1

Static

static

1

Malware-ma...et.bat

windows7-x64

1

Malware-ma...et.bat

windows10-2004-x64

1

Malware-ma...ME.ps1

windows7-x64

1

Malware-ma...ME.ps1

windows10-2004-x64

1

Malware-ma...ns.bat

windows7-x64

1

Malware-ma...ns.bat

windows10-2004-x64

1

Malware-ma...pc.bat

windows7-x64

Malware-ma...pc.bat

windows10-2004-x64

Malware-ma...wn.bat

windows7-x64

1

Malware-ma...wn.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    8s
  • max time network
    8s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    27-03-2024 22:41

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    Malware-master/crashespc.bat

  • Size

    278B

  • MD5

    8e2220e4552a3ed322c0b542e8641ad7

  • SHA1

    2d0c40f092d0264b864876c82fce71df4a9cdf1e

  • SHA256

    d0675ccdf06d1360fd6193bd583e2b6e06888e882e1f9b21430b5328f7c7a4f6

  • SHA512

    2a9e9f35b55a41bb65e914d43fdfb1576d46098abc9b1c35e29f03b1a4d3df89212c1181322e8422f0ad1055483ec4204e25728641012f8a52d30ea9c77cdc05

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Views/modifies file attributes 1 TTPs 4 IoCs
    evasion

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Malware-master\crashespc.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Windows\system32\attrib.exe
      attrib -r -s -h c:autoexec.bat
      2⤵
      • Views/modifies file attributes
      PID:2688
    • C:\Windows\system32\attrib.exe
      attrib -r -s -h c:boot.ini
      2⤵
      • Views/modifies file attributes
      PID:2920
    • C:\Windows\system32\attrib.exe
      attrib -r -s -h c:ntldr
      2⤵
      • Views/modifies file attributes
      PID:2788
    • C:\Windows\system32\attrib.exe
      attrib -r -s -h c:windowswin.ini
      2⤵
      • Views/modifies file attributes
      PID:2872
    • C:\Windows\system32\msg.exe
      msg * YOU GOT OWNED!!!
      2⤵
        PID:2956
      • C:\Windows\system32\shutdown.exe
        shutdown -s -t 7 -c "A VIRUS IS TAKING OVER c:Drive
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3040
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x0
      1⤵
        PID:2796
      • C:\Windows\system32\LogonUI.exe
        "LogonUI.exe" /flags:0x1
        1⤵
          PID:2352

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2352-1-0x0000000002B30000-0x0000000002B31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2796-0-0x0000000002E10000-0x0000000002E11000-memory.dmp

          Filesize

          4KB

          Download