b900fc6ff55f455165bc9f9d1eb1063c72581d372c78ec3be3decb21045450e8 | Triage

Sharing

General

Target

b900fc6ff55f455165bc9f9d1eb1063c72581d372c78ec3be3decb21045450e8.bat
Size

7KB
Sample

240523-cdbnmahe8v
MD5

6a0e1a60234d409a8d5c630f84b707f4
SHA1

33ab80ab6ee9ff90d35ff1912090ed68f225f0cb
SHA256

b900fc6ff55f455165bc9f9d1eb1063c72581d372c78ec3be3decb21045450e8
SHA512

92b198585eddbee2d1bfd37736bbe6a1f44a5c751f2dd15cc6c10104af2bb9557990f963a15bbac4ad0e21d3066ba0cb83bc41245e46d67408e72ae5f7d9bbaf
SSDEEP

96:2XOLZvaljhpoAjs3R3R75XVbOVrGTvyoidAdCgpn7wEnx/1XCzlbTX:WSZv4jhaOoHNXbqo8gSlbTX

Score

8^/10

execution

Malware Config

Targets

- Target
  
  b900fc6ff55f455165bc9f9d1eb1063c72581d372c78ec3be3decb21045450e8.bat
- Size
  
  7KB
- MD5
  
  6a0e1a60234d409a8d5c630f84b707f4
- SHA1
  
  33ab80ab6ee9ff90d35ff1912090ed68f225f0cb
- SHA256
  
  b900fc6ff55f455165bc9f9d1eb1063c72581d372c78ec3be3decb21045450e8
- SHA512
  
  92b198585eddbee2d1bfd37736bbe6a1f44a5c751f2dd15cc6c10104af2bb9557990f963a15bbac4ad0e21d3066ba0cb83bc41245e46d67408e72ae5f7d9bbaf
- SSDEEP
  
  96:2XOLZvaljhpoAjs3R3R75XVbOVrGTvyoidAdCgpn7wEnx/1XCzlbTX:WSZv4jhaOoHNXbqo8gSlbTX
Score

8^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2