97edea8bc010bdce4a0d3a732e16bf1390fcfeba1845f87610927eeda2a4d5f6 | Triage

Analysis

max time kernel
81s
max time network
210s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
10/04/2024, 00:25

Sharing

Report Analysis Logs

General

Target

Byte-Stealer-1.3.1/ConfigLogger.bat
Size

49B
MD5

aa02d6b4fff3cb9849ae186a8a8ad459
SHA1

94404f3a23b40a3d109eec3c618f9692ee958332
SHA256

6a8a26ee42a1a68e84e4a0b48f4599164eff8bda7894f2c832337c6af9b4bf2d
SHA512

aef4267a4c083abec885856664b450cf3a3dba5849be1729894fa6844877cd9cfc1881942346bc8540c17848d1e66ba3d708b5ec0df73cd9ff9c854af6913654

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 1900	1980	cmd.exe	81
PID 1980 wrote to memory of 1900	1980	cmd.exe	81
PID 1980 wrote to memory of 1900	1980	cmd.exe	81

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Byte-Stealer-1.3.1\ConfigLogger.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python ScriptConfig.py
  2⤵
  PID:1900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
495B

MD5
445054754aab81d53b48e222926e0339

SHA1
dbb530dc4f5bfd822a84840b2b84f8f809378b4a

SHA256
e085b726996c9d5549096f4f6cf2510a7924cc5afe0046609593f698c400e8d8

SHA512
31ce3e4dfd44ce34b8ca7b795a49875dba42b6b9835c580b948b100b99185c2eeaca61677a6a8323415313999fcf1f34fde45fa072a59dc3678bceff60302824

Download Submit