Overview

overview

3

Static

static

1

New folder...t3.exe

windows7-x64

New folder...t3.exe

windows10-2004-x64

3

New folder...5a.au3

windows7-x64

3

New folder...5a.au3

windows10-2004-x64

3

New folder...te.bat

windows7-x64

3

New folder...te.bat

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    10-05-2024 10:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    New folder/execute.bat

  • Size

    47B

  • MD5

    bdc9e34bc73e2b595b0d6dec9bf04cd8

  • SHA1

    fc574c22b2c85aa3def41110792869db527f2c5c

  • SHA256

    d5dc18a295975bc1976c296729325ba312ad69efb6187adb5b0e403b81b2903b

  • SHA512

    5fb9cbe0a93e9500a5600f2a513ab775454cdb7d453b4f6733e63dac8c073616ff1e87618d30c206089beaf959c3d688d4fd70c994d23763f10193008c7cb0d6

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\New folder\execute.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\Windows\system32\cmd.exe
      cmd /c autoit3.exe ac337d0e2c1d6f6a1132285a.au3
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2180
      • C:\Users\Admin\AppData\Local\Temp\New folder\Autoit3.exe
        autoit3.exe ac337d0e2c1d6f6a1132285a.au3
        3⤵
        • Suspicious behavior: CmdExeWriteProcessMemorySpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2404
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 300
          4⤵
          • Program crash
          PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2404-1-0x0000000000930000-0x0000000000D30000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2404-2-0x0000000000930000-0x0000000000D30000-memory.dmp

    Filesize

    4.0MB

    Download