Malware Analysis Report

2025-01-18 22:03

Sample ID 240504-31g22afh3x
Target D34TH 5.0 .bat
SHA256 1824c0a88a597388f800a4bf589ae2bc70ac7969f504153ab757dd8360308de3
Tags
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

1824c0a88a597388f800a4bf589ae2bc70ac7969f504153ab757dd8360308de3

Threat Level: Shows suspicious behavior

The file D34TH 5.0 .bat was found to be: Shows suspicious behavior.

Malicious Activity Summary


Checks for this command that runs a batch script as administrator: net session >nul 2>&1 || (powershell start -verb runas '"%~0"' &exit /b)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-04 23:58

Signatures

Checks for this command that runs a batch script as administrator: net session >nul 2>&1 || (powershell start -verb runas '"%~0"' &exit /b)

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-04 23:58

Reported

2024-05-05 00:01

Platform

win11-20240426-en

Max time kernel

93s

Max time network

94s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\D34TH 5.0 .bat"

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\D34TH 5.0 .bat"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A