Overview

overview

1

Static

static

1

install.bat.ps1

windows11-21h2-x64

1

Analysis

  • max time kernel
    2214s
  • max time network
    1902s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    27-04-2024 22:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    install.bat.ps1

  • Size

    1KB

  • MD5

    e7051f6081a1fa4a803f9a10331646f4

  • SHA1

    900bdbe8f397adf8b40e4ad29ee1931a817cf27f

  • SHA256

    c0314ee94110588ffa54447d1c6a0fef38a42a59ad1fa28ec3c00cb5708c4518

  • SHA512

    f3b62dd52e2d6f77d7e1a85f56f285adc8ea409c71ea34e0f09dea692bb61464cb20d56d79c005c2a216408a81eb21115231a2f4e5afeffeb7406edfda79e33c

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 22 IoCs
  • Suspicious use of SendNotifyMessage 21 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\install.bat.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4480
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4832
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SendBackup.mp3"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3636
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SendBackup.mp3"
    1⤵
      PID:2188
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SendBackup.mp3"
      1⤵
        PID:1508

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xw14rivv.0qz.ps1
        Filesize

        60B

        MD5

        d17fe0a3f47be24a6453e9ef58c94641

        SHA1

        6ab83620379fc69f80c0242105ddffd7d98d5d9d

        SHA256

        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

        SHA512

        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

        Download Submit

      • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
        Filesize

        76B

        MD5

        0d8c2610f5897d19ba1bb984d1522903

        SHA1

        701bf6190d66be3d33f0ef30fa075827934bec72

        SHA256

        1e2e4daf294ef4486c1a8d8cff89a6c96569e04249494f408dcaff2e6f04d8af

        SHA512

        9e808ef330cce2ac18a0eacc745136f93c6844da0abd04ce565323f80110b50d87260c5ccd4a2f5bc0846ae4ca7dc8f505c2e251dbffb05c008ecb0c209f14b1

        Download Submit

      • C:\Users\Admin\AppData\Roaming\vlc\vlcrc
        Filesize

        94KB

        MD5

        7b37c4f352a44c8246bf685258f75045

        SHA1

        817dacb245334f10de0297e69c98b4c9470f083e

        SHA256

        ec45f6e952b43eddc214dba703cf7f31398f3c9f535aad37f42237c56b9b778e

        SHA512

        1e8d675b3c6c9ba257b616da268cac7f1c7a9db12ffb831ed5f8d43c0887d711c197ebc9daf735e3da9a0355bf21c2b29a2fb38a46482a2c5c8cd5628fea4c02

        Download Submit

      • memory/1508-67-0x00007FFD1F250000-0x00007FFD1F261000-memory.dmp

        Filesize

        68KB

        Download

      • memory/1508-65-0x00007FFD24580000-0x00007FFD24598000-memory.dmp

        Filesize

        96KB

        Download

      • memory/1508-66-0x00007FFD1F470000-0x00007FFD1F487000-memory.dmp

        Filesize

        92KB

        Download

      • memory/1508-64-0x00007FFD0CC70000-0x00007FFD0CF26000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/1508-63-0x00007FFD1E4F0000-0x00007FFD1E524000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1508-62-0x00007FF6A4580000-0x00007FF6A4678000-memory.dmp

        Filesize

        992KB

        Download

      • memory/2188-50-0x00007FF6A4580000-0x00007FF6A4678000-memory.dmp

        Filesize

        992KB

        Download

      • memory/2188-51-0x00007FFD1E4F0000-0x00007FFD1E524000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2188-53-0x00007FFD24580000-0x00007FFD24598000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2188-54-0x00007FFD1F470000-0x00007FFD1F487000-memory.dmp

        Filesize

        92KB

        Download

      • memory/2188-55-0x00007FFD1F250000-0x00007FFD1F261000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2188-52-0x00007FFD0CC70000-0x00007FFD0CF26000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/3636-27-0x00007FFD1F250000-0x00007FFD1F261000-memory.dmp

        Filesize

        68KB

        Download

      • memory/3636-48-0x000002171C540000-0x000002171DDAF000-memory.dmp

        Filesize

        24.4MB

        Download

      • memory/3636-41-0x00007FFD13650000-0x00007FFD13661000-memory.dmp

        Filesize

        68KB

        Download

      • memory/3636-47-0x00007FFD0B6E0000-0x00007FFD0B6F8000-memory.dmp

        Filesize

        96KB

        Download

      • memory/3636-46-0x00007FFD0DA00000-0x00007FFD0DA11000-memory.dmp

        Filesize

        68KB

        Download

      • memory/3636-44-0x00007FFD0DA20000-0x00007FFD0DA87000-memory.dmp

        Filesize

        412KB

        Download

      • memory/3636-33-0x00007FFD0B780000-0x00007FFD0C830000-memory.dmp

        Filesize

        16.7MB

        Download

      • memory/3636-43-0x00007FFD12680000-0x00007FFD126B0000-memory.dmp

        Filesize

        192KB

        Download

      • memory/3636-40-0x00007FFD147C0000-0x00007FFD147DB000-memory.dmp

        Filesize

        108KB

        Download

      • memory/3636-38-0x00007FFD1CF50000-0x00007FFD1CF61000-memory.dmp

        Filesize

        68KB

        Download

      • memory/3636-39-0x00007FFD1CC50000-0x00007FFD1CC61000-memory.dmp

        Filesize

        68KB

        Download

      • memory/3636-37-0x00007FFD1DC40000-0x00007FFD1DC51000-memory.dmp

        Filesize

        68KB

        Download

      • memory/3636-36-0x00007FFD1E4D0000-0x00007FFD1E4E8000-memory.dmp

        Filesize

        96KB

        Download

      • memory/3636-35-0x00007FFD1E6E0000-0x00007FFD1E701000-memory.dmp

        Filesize

        132KB

        Download

      • memory/3636-45-0x00007FFD0B700000-0x00007FFD0B77C000-memory.dmp

        Filesize

        496KB

        Download

      • memory/3636-42-0x00007FFD13630000-0x00007FFD13648000-memory.dmp

        Filesize

        96KB

        Download

      • memory/3636-34-0x00007FFD147E0000-0x00007FFD14821000-memory.dmp

        Filesize

        260KB

        Download

      • memory/3636-29-0x00007FFD1F100000-0x00007FFD1F111000-memory.dmp

        Filesize

        68KB

        Download

      • memory/3636-25-0x00007FFD24580000-0x00007FFD24598000-memory.dmp

        Filesize

        96KB

        Download

      • memory/3636-26-0x00007FFD1F470000-0x00007FFD1F487000-memory.dmp

        Filesize

        92KB

        Download

      • memory/3636-32-0x00007FFD0C830000-0x00007FFD0CA3B000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3636-28-0x00007FFD1F190000-0x00007FFD1F1A7000-memory.dmp

        Filesize

        92KB

        Download

      • memory/3636-24-0x00007FFD0CC70000-0x00007FFD0CF26000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/3636-31-0x00007FFD1ED60000-0x00007FFD1ED71000-memory.dmp

        Filesize

        68KB

        Download

      • memory/3636-30-0x00007FFD1EF60000-0x00007FFD1EF7D000-memory.dmp

        Filesize

        116KB

        Download

      • memory/3636-23-0x00007FFD1E4F0000-0x00007FFD1E524000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3636-22-0x00007FF6A4580000-0x00007FF6A4678000-memory.dmp

        Filesize

        992KB

        Download

      • memory/3636-76-0x00007FFD0CC70000-0x00007FFD0CF26000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/4480-9-0x00007FFD0CE60000-0x00007FFD0D922000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4480-10-0x000002171C280000-0x000002171C290000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4480-11-0x000002171C280000-0x000002171C290000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4480-8-0x000002171C300000-0x000002171C322000-memory.dmp

        Filesize

        136KB

        Download

      • memory/4480-14-0x00007FFD0CE60000-0x00007FFD0D922000-memory.dmp

        Filesize

        10.8MB

        Download