3b3bd81232f517ba6d65c7838c205b301b0f27572fcfef9e5b86dd30a1d55a0d

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18-04-2024 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

u2.bat
Size

326B
MD5

acaf01f83da439915027c3e2e900c8dd
SHA1

2861b4e463fa89e05f2d7d629fae5140cef49843
SHA256

3b3bd81232f517ba6d65c7838c205b301b0f27572fcfef9e5b86dd30a1d55a0d
SHA512

dc33e9b7e2dde66a3793955899221513e1f7b156801f1cc56eb48ad5cbf2b8c4facf8ad33c5bd63e4ec607e95e8b909f4bc280aaca4e29f07883879ec97a3e61

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

2028 PING.EXE

pid	process
2028	PING.EXE

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2248 wrote to memory of 2956	2248	cmd.exe	rundll32.exe
PID 2248 wrote to memory of 2956	2248	cmd.exe	rundll32.exe
PID 2248 wrote to memory of 2956	2248	cmd.exe	rundll32.exe
PID 2248 wrote to memory of 2028	2248	cmd.exe	PING.EXE
PID 2248 wrote to memory of 2028	2248	cmd.exe	PING.EXE
PID 2248 wrote to memory of 2028	2248	cmd.exe	PING.EXE

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\u2.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2248

C:\Windows\system32\rundll32.exe
rundll32.exe 02.dll,checkit
2⤵
PID:2956

C:\Windows\system32\PING.EXE
ping -n 5 localhost
2⤵
- Runs ping.exe
PID:2028

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads