Overview

overview

10

Static

static

10

cryptic to...tic.py

windows7-x64

3

cryptic to...tic.py

windows10-2004-x64

3

cryptic to...up.bat

windows7-x64

1

cryptic to...up.bat

windows10-2004-x64

1

cryptic to...ol.bat

windows7-x64

1

cryptic to...ol.bat

windows10-2004-x64

1

cryptic to...ler.py

windows7-x64

3

cryptic to...ler.py

windows10-2004-x64

3

cryptic to...ler.py

windows7-x64

3

cryptic to...ler.py

windows10-2004-x64

3

cryptic to...nfo.py

windows7-x64

3

cryptic to...nfo.py

windows10-2004-x64

3

cryptic to...gin.py

windows7-x64

3

cryptic to...gin.py

windows10-2004-x64

3

cryptic to...ker.py

windows7-x64

3

cryptic to...ker.py

windows10-2004-x64

3

cryptic to...rdm.py

windows7-x64

3

cryptic to...rdm.py

windows10-2004-x64

3

cryptic to...ger.py

windows7-x64

3

cryptic to...ger.py

windows10-2004-x64

3

cryptic to...kup.py

windows7-x64

3

cryptic to...kup.py

windows10-2004-x64

3

cryptic to...sdm.py

windows7-x64

3

cryptic to...sdm.py

windows10-2004-x64

3

cryptic to...mer.py

windows7-x64

3

cryptic to...mer.py

windows10-2004-x64

3

cryptic to...gen.py

windows7-x64

3

cryptic to...gen.py

windows10-2004-x64

3

cryptic to...pam.py

windows7-x64

3

cryptic to...pam.py

windows10-2004-x64

3

cryptic to...ver.py

windows7-x64

3

cryptic to...ver.py

windows10-2004-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-05-2024 13:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cryptic tool/setup.bat

  • Size

    141B

  • MD5

    561be1c93153a3556eebe814c5014cf4

  • SHA1

    f8f9df548d929475c709491ebb27254c5ca5c5d9

  • SHA256

    4149819d15b592aa3d064045ad81dae253cd2de905dfee3bc88c4cfa0b6de2ba

  • SHA512

    f93c588f2f8a2430927a9b8083545a9a7f7c93c88f6c16ce924080b10b814c2b00ed27ffbb37034802c8caf707227f8c2baf0ee323c795b4c491cb9b56f35ae2

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\cryptic tool\setup.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1496
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K start_tool.bat
      2⤵
        PID:3100
      • C:\Windows\system32\cmd.exe
        cmd /c
        2⤵
          PID:1536

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\cryptic tool\start_tool.bat
        Filesize

        43B

        MD5

        a391e80715f2e062b64bf2ee6a5da59b

        SHA1

        8ae740ca023d44af9e99bc27f5d74c1e3a073574

        SHA256

        61fae725783284740879d980cfc77995da67c5fe6cdd8e7619ed973b628d4246

        SHA512

        9cf5121bef78c6b2de9c560cc98fd77fb785d1d1cb4796ff60de688c4f254bdb6806b422ed7d35793785ec792145e4cdd898c6f056ff2306c0c5357c49e3141b

        Download Submit