Overview

overview

5

Static

static

1

.bat

windows10-1703-x64

5

Analysis

  • max time kernel
    133s
  • max time network
    135s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25-05-2024 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .bat

  • Size

    363B

  • MD5

    696232f84f1e844e9938b7ba774541d8

  • SHA1

    d1a78fe174ff2ac099bcf68b5c910362a87a4c00

  • SHA256

    b1db5166273f292de50ee512c8a037ea6a7db3f39f15df94f31eb9b06ae6d535

  • SHA512

    ec769a5c83ffa7963b64e123f40ba35f2abe41f981fd19421f01b687b8920d8bb62ed972c672294e7148920901032574ce9df8707398e7b190f70ef2cd4eaa81

Score
5/10
ransomware

Malware Config

Signatures

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:596
    • C:\Windows\system32\reg.exe
      reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\Desktop\Forza/images.jpg /f
      2⤵
      • Sets desktop wallpaper using registry
      PID:4704
    • C:\Windows\system32\rundll32.exe
      RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
      2⤵
        PID:2016

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Defacement

    1
    T1491

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads