65e600757b04f97f70bb2000db87dc1c3569de2c27156486d712c7f030ae58d7

Analysis

max time kernel
452s
max time network
1172s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06-04-2024 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Launcher.bat
Size

540B
MD5

8a73c96ff34b3781522dd9993f483e95
SHA1

92aeb01de1efacc47795a13a929f4e64ba250f67
SHA256

800b892d045aa373322d1a21f83a2616baae2a5c468096c502114f975b3c7271
SHA512

8205e5c36a18ef1aff1c453ec0910a9234105351b52f4478c8d44dd7a3e07e5c43551b89f7cc176d47c99689f6b736d2bf54a45da6c1b1bcda46e4eac049f173

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
56	pastebin.com
57	pastebin.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
4	ip-api.com

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 1276	4108	cmd.exe	87
PID 4108 wrote to memory of 1276	4108	cmd.exe	87
PID 4108 wrote to memory of 2404	4108	cmd.exe	88
PID 4108 wrote to memory of 2404	4108	cmd.exe	88
PID 4108 wrote to memory of 2404	4108	cmd.exe	88

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Launcher.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Windows\system32\cacls.exe
  "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
  2⤵
  PID:1276
- C:\Users\Admin\AppData\Local\Temp\Evon.exe
  Evon.exe config
  2⤵
  PID:2404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2404-1-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-0-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-3-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-2-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-5-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-6-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-4-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-7-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-9-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-8-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-10-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-11-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-12-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-13-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-14-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-15-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-16-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-17-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-18-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-19-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-21-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-20-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-22-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-23-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-24-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-25-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-26-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-27-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-28-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-30-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-29-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-31-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-32-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-33-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-34-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-35-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-36-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-38-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-37-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-39-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-41-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-42-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-40-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-43-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-44-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-45-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-46-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-49-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-50-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-48-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-47-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-51-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-52-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-53-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-54-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-55-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-57-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-56-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-58-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-59-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-60-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-61-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-62-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download
memory/2404-63-0x000000007F310000-0x000000007F320000-memory.dmp

Filesize
64KB

Download