Overview

overview

3

Static

static

1

3.bat

windows7-x64

1

3.bat

windows10-2004-x64

1

3.vbs

windows7-x64

3

3.vbs

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    21/04/2024, 12:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3.bat

  • Size

    6KB

  • MD5

    002a4b28a38e3c3b39378762853f2389

  • SHA1

    1e1de7adfbb6ee0720bf6d11a7cc5984b4dea9a5

  • SHA256

    716c494e56c52107a006462ff0f931f7e3c48179eafa40cc32e7687c80d09dec

  • SHA512

    4150d1fa052ce017dbefef7e8f9cfbf8f751a49e5811ebcbbd6e9f86c8d5800da2410a491f2845afea71bfd71c3722a8aa673d410030a8591105f54cb641636b

  • SSDEEP

    96:JUaSOIoNlocEzIzhr5MjrHHvOn/yrdJVk9HJrQCQMw3DBreXcBr1Q+HrAPU5rHs7:XSOIS+0Fr+rbrir6rRrvrvr7r1ryr1

Score
1/10

Malware Config

Signatures

  • Modifies registry class 5 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\3.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Windows\system32\reg.exe
      reg del "HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command" /v
      2⤵
        PID:2272
      • C:\Windows\system32\reg.exe
        reg add "HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command" /v "" /d "C:\Program Files\Internet Explorer\iexplore.exe http://www.53ff.com/?ttg2b" /f
        2⤵
        • Modifies registry class
        PID:1208

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads