Overview

overview

10

Static

static

10

sss/Install/Del3.bat

windows7-x64

1

sss/Install/Del3.bat

windows10-2004-x64

1

sss/Instal...te.bat

windows7-x64

1

sss/Instal...te.bat

windows10-2004-x64

1

sss/Install/del.bat

windows7-x64

1

sss/Install/del.bat

windows10-2004-x64

1

sss/Install/smss.exe

windows7-x64

10

sss/Install/smss.exe

windows10-2004-x64

10

sss/RDPWinst.exe

windows7-x64

1

sss/RDPWinst.exe

windows10-2004-x64

1

sss/ReaIte...st.exe

windows7-x64

10

sss/ReaIte...st.exe

windows10-2004-x64

10

sss/ReaIte...tw.exe

windows7-x64

9

sss/ReaIte...tw.exe

windows10-2004-x64

9

sss/Window...rv.exe

windows7-x64

10

sss/Window...rv.exe

windows10-2004-x64

10

sss/Window...MD.exe

windows7-x64

1

sss/Window...MD.exe

windows10-2004-x64

1

sss/Window...le.exe

windows7-x64

1

sss/Window...le.exe

windows10-2004-x64

1

sss/Window...st.exe

windows7-x64

1

sss/Window...st.exe

windows10-2004-x64

1

sss/Window...64.sys

windows7-x64

1

sss/Window...64.sys

windows10-2004-x64

1

sss/Window...dg.exe

windows7-x64

9

sss/Window...dg.exe

windows10-2004-x64

9

sss/Window...on.bat

windows7-x64

1

sss/Window...on.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-03-2024 23:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sss/Install/Delete.bat

  • Size

    73B

  • MD5

    a7156985a69a520857d07818b2161bec

  • SHA1

    4ca34541f48f4811aaba2a49d63a7b76bf7ba05e

  • SHA256

    bb4810e0f1e95012705f20e78fdc63a57917a9f3d848520e4f3f2a7975dbdbe9

  • SHA512

    5a46596f08a32b246573e24896b1407d4b747eef9722a45be20084d50939cf2d9417793e3a83e7edd91587cfbda1074a9ea7539a73b6f991b233210ca638247b

Score
1/10

Malware Config

Signatures

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\sss\Install\Delete.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Windows\system32\timeout.exe
      timeout 5
      2⤵
      • Delays execution with timeout.exe
      PID:4844
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1040 --field-trial-handle=2260,i,3739451884007376837,4900555371550671478,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2556

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads