2ff0bfc262e42dcfda448caaaf1fccf91f110ec0efc721f69285441ff2187517

Resubmissions

06-04-2024 10:11

240406-l8bfsafh7z 10

06-04-2024 10:11

240406-l774csge98 8

06-04-2024 10:07

240406-l532mafh4x 8

06-04-2024 10:03

240406-l3pq8age27 8

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06-04-2024 10:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Oak-Grabber-V2-oakgrabber/setup.bat
Size

279B
MD5

589f71a831ec1828a0fdb2317c0f4a20
SHA1

b2df9b55d97c976f24f2abe2063b25342f7055e3
SHA256

061704f8f17abd57f92c3b158bcea2ec83b9c971265b2513aee8219814a89ec6
SHA512

70e3b11515e17e7f26a78a9e7a88838c549867a79e8efce39986fc4da7d315111368da243f4026819bcc9b33e800fef88d444dc44bac6691b4eef5d53d328977

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4060	OpenWith.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 232	4644	cmd.exe	87
PID 4644 wrote to memory of 232	4644	cmd.exe	87

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Oak-Grabber-V2-oakgrabber\setup.bat"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4644
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:232

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads