Overview

overview

10

Static

static

10

sss/Install/Del3.bat

windows7-x64

1

sss/Install/Del3.bat

windows10-2004-x64

1

sss/Instal...te.bat

windows7-x64

1

sss/Instal...te.bat

windows10-2004-x64

1

sss/Install/del.bat

windows7-x64

1

sss/Install/del.bat

windows10-2004-x64

1

sss/Install/smss.exe

windows7-x64

10

sss/Install/smss.exe

windows10-2004-x64

10

sss/RDPWinst.exe

windows7-x64

1

sss/RDPWinst.exe

windows10-2004-x64

1

sss/ReaIte...st.exe

windows7-x64

10

sss/ReaIte...st.exe

windows10-2004-x64

10

sss/ReaIte...tw.exe

windows7-x64

9

sss/ReaIte...tw.exe

windows10-2004-x64

9

sss/Window...rv.exe

windows7-x64

10

sss/Window...rv.exe

windows10-2004-x64

10

sss/Window...MD.exe

windows7-x64

1

sss/Window...MD.exe

windows10-2004-x64

1

sss/Window...le.exe

windows7-x64

1

sss/Window...le.exe

windows10-2004-x64

1

sss/Window...st.exe

windows7-x64

1

sss/Window...st.exe

windows10-2004-x64

1

sss/Window...64.sys

windows7-x64

1

sss/Window...64.sys

windows10-2004-x64

1

sss/Window...dg.exe

windows7-x64

9

sss/Window...dg.exe

windows10-2004-x64

9

sss/Window...on.bat

windows7-x64

1

sss/Window...on.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    30-03-2024 23:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sss/WindowsTask/winlogon.bat

  • Size

    134B

  • MD5

    4b09f42752d782958f48e3a4094fb235

  • SHA1

    699cda02f1d20d720d3a24ab23c0700aee8f052e

  • SHA256

    39128f3f6e8910fc7766da7eb80e5bea6b1c32cbd47ac6d1c7b60ee11d088ba9

  • SHA512

    621532f1aee46a5bbe691a153092e721f36af827554b7211f34e56c0531a4c73569805d9d7ab86e571daed60966201bbdfcf8553a320f0c7da471096c0004542

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\sss\WindowsTask\winlogon.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      PowerShell.exe -command "Import-Module applocker" ; "Set-AppLockerPolicy -XMLPolicy C:\ProgramData\WindowsTask\new.xml"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3036-4-0x000000001B5C0000-0x000000001B8A2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/3036-6-0x000007FEF6080000-0x000007FEF6A1D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3036-5-0x0000000002340000-0x0000000002348000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3036-7-0x0000000002E70000-0x0000000002EF0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3036-8-0x000007FEF6080000-0x000007FEF6A1D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3036-10-0x0000000002E70000-0x0000000002EF0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3036-9-0x0000000002BE0000-0x0000000002BF2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3036-11-0x0000000002A40000-0x0000000002A4A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3036-12-0x0000000002E70000-0x0000000002EF0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3036-13-0x0000000002C80000-0x0000000002C8E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3036-14-0x0000000002C90000-0x0000000002C98000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3036-15-0x000007FEF6080000-0x000007FEF6A1D000-memory.dmp

    Filesize

    9.6MB

    Download