Analysis
-
max time kernel
145s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
05-04-2024 15:10
General
-
Target
launcher.bat
-
Size
87B
-
MD5
864189b29e0ee9338690f34f60d9ed61
-
SHA1
2f130b692da72031ca0089894b84d716319c3b9a
-
SHA256
6887bbcea8d76ccb3cdf324d5a7b0feea4a7bbc17e4c05c9e7e07c735ba565a4
-
SHA512
957853c8a9a67d0555ddeb3981440d9709ff2762a4e4ae7cf48bc2a8a4cb9304154b696411ea4a521871b8322bdb433fd36988e230b91d1656f6c0c8488abafb
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 12 IoCs
-
Dave packer 1 IoCs
Detects executable using a packer named 'Dave' by the community, based on a string at the end.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 26 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\launcher.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exerundll32.exe dino.dll ADMISSIONS_get0_admissionAuthority2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe dino.dll ADMISSIONS_get0_admissionAuthority3⤵
- Blocklisted process makes network request
- Checks processor information in registry
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4264 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3576-0-0x0000000002790000-0x0000000002B68000-memory.dmpFilesize
3.8MB
-
memory/3576-2-0x00000000023B0000-0x0000000002786000-memory.dmpFilesize
3.8MB
-
memory/3576-5-0x0000000002B70000-0x0000000002F4F000-memory.dmpFilesize
3.9MB
-
memory/3576-13-0x0000000003420000-0x0000000003C2A000-memory.dmpFilesize
8.0MB
-
memory/3576-14-0x00000000779E2000-0x00000000779E3000-memory.dmpFilesize
4KB
-
memory/3576-15-0x0000000003420000-0x0000000003C2A000-memory.dmpFilesize
8.0MB
-
memory/3576-16-0x00000000779E2000-0x00000000779E3000-memory.dmpFilesize
4KB
-
memory/3576-17-0x0000000003420000-0x0000000003C2A000-memory.dmpFilesize
8.0MB
-
memory/3576-18-0x0000000003420000-0x0000000003C2A000-memory.dmpFilesize
8.0MB
-
memory/3576-19-0x0000000003420000-0x0000000003C2A000-memory.dmpFilesize
8.0MB
-
memory/3576-20-0x0000000003420000-0x0000000003C2A000-memory.dmpFilesize
8.0MB
-
memory/3576-21-0x0000000003420000-0x0000000003C2A000-memory.dmpFilesize
8.0MB
-
memory/3576-22-0x0000000003420000-0x0000000003C2A000-memory.dmpFilesize
8.0MB
-
memory/3576-23-0x0000000003420000-0x0000000003C2A000-memory.dmpFilesize
8.0MB
-
memory/3576-24-0x0000000003420000-0x0000000003C2A000-memory.dmpFilesize
8.0MB
-
memory/3576-25-0x0000000003420000-0x0000000003C2A000-memory.dmpFilesize
8.0MB
-
memory/3576-27-0x0000000003420000-0x0000000003C2A000-memory.dmpFilesize
8.0MB
-
memory/3576-28-0x0000000003420000-0x0000000003C2A000-memory.dmpFilesize
8.0MB
-
memory/3576-36-0x0000000003420000-0x0000000003C2A000-memory.dmpFilesize
8.0MB
-
memory/3576-41-0x0000000003420000-0x0000000003C2A000-memory.dmpFilesize
8.0MB
-
memory/3576-44-0x0000000003420000-0x0000000003C2A000-memory.dmpFilesize
8.0MB