Overview

overview

4

Static

static

1

Bypass.zip

windows11-21h2-x64

1

Bypass/bypass.py

windows11-21h2-x64

3

Bypass/config.json

windows11-21h2-x64

3

Bypass/dat...11.pyc

windows11-21h2-x64

3

Bypass/dat...11.pyc

windows11-21h2-x64

3

Bypass/dat...req.py

windows11-21h2-x64

3

Bypass/dat...ter.py

windows11-21h2-x64

3

Bypass/install.bat

windows11-21h2-x64

1

python-3.1...64.exe

windows11-21h2-x64

4

Analysis

  • max time kernel
    447s
  • max time network
    1172s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    11-06-2024 09:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bypass/install.bat

  • Size

    715B

  • MD5

    14741a4d4fb83a66aad98699db84cf7f

  • SHA1

    6b4c747e267a5a67cbedf5daa67b017adf6eacef

  • SHA256

    3ce14bbce42e339769dae4ec3ffd8b5150884e159366fbb88699203e76048664

  • SHA512

    e28b4309bd985aa7f4ef497ba4ebbe70d4b5914eea0b8e14b8ccc396c08e4060a760e689f533234575998d4abe9af20fd44bdd2e5a87bfd374f2b9c82cdbbac3

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Bypass\install.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4864
    • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
      python bypass.py
      2⤵
        PID:4588

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads