Analysis
- max time kernel: 133s
- max time network: 135s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 25-05-2024 22:02
Static task: static1
Behavioral task: behavioral1
- Sample: .bat
- Resource: win10-20240404-en, windows10-1703-x64
- 2 signatures
- 150 seconds
General
- Target: .bat
- Size: 363B
- MD5: 696232f84f1e844e9938b7ba774541d8
- SHA1: d1a78fe174ff2ac099bcf68b5c910362a87a4c00
- SHA256: b1db5166273f292de50ee512c8a037ea6a7db3f39f15df94f31eb9b06ae6d535
- SHA512: ec769a5c83ffa7963b64e123f40ba35f2abe41f981fd19421f01b687b8920d8bb62ed972c672294e7148920901032574ce9df8707398e7b190f70ef2cd4eaa81
Score: 5/10
Malware Config
Signatures
- Sets desktop wallpaper using registry (2 TTPs, 1 IoCs)
  Processes: reg.exe
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\Forza/images.jpg"
  process: reg.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: cmd.exe
  description | pid | process | target process
  PID 596 wrote to memory of 4704 | 596 | cmd.exe | reg.exe
  PID 596 wrote to memory of 4704 | 596 | cmd.exe | reg.exe
  PID 596 wrote to memory of 2016 | 596 | cmd.exe | rundll32.exe
  PID 596 wrote to memory of 2016 | 596 | cmd.exe | rundll32.exe
Processes
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\.bat"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\reg.exe
    reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\Desktop\Forza/images.jpg /f
    - Sets desktop wallpaper using registry
  - C:\Windows\system32\rundll32.exe
    RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters