Overview

overview

9

Static

static

9

b6138bd31f...73.exe

windows7-x64

7

b6138bd31f...73.exe

windows10-2004-x64

7

$PLUGINSDIR/LogEx.dll

windows7-x64

3

$PLUGINSDIR/LogEx.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

CrashReport.exe

windows7-x64

1

CrashReport.exe

windows10-2004-x64

1

InstallSys...ce.bat

windows7-x64

8

InstallSys...ce.bat

windows10-2004-x64

8

SystemClockHook.dll

windows7-x64

1

SystemClockHook.dll

windows10-2004-x64

1

SystemCloc...st.exe

windows7-x64

1

SystemCloc...st.exe

windows10-2004-x64

1

SystemCloc...64.exe

windows7-x64

6

SystemCloc...64.exe

windows10-2004-x64

7

SystemCloc...64.dll

windows7-x64

1

SystemCloc...64.dll

windows10-2004-x64

1

SystemTime...ce.exe

windows7-x64

1

SystemTime...ce.exe

windows10-2004-x64

1

UninstallS...ce.bat

windows7-x64

8

UninstallS...ce.bat

windows10-2004-x64

8

YXCalendar.exe

windows7-x64

6

YXCalendar.exe

windows10-2004-x64

6

YXCapture.dll

windows7-x64

1

YXCapture.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    12/06/2024, 04:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    UninstallSystemTimeSyncService.bat

  • Size

    72B

  • MD5

    266baae5a3f6cf8a9838dce0aa04fa87

  • SHA1

    862c70a5d15778a8ec77dee6098ed169cb931cdc

  • SHA256

    ee7fa177b3262fd07801cb129b122cd42bc66e61f6b7f3b9b10a837c563d645a

  • SHA512

    676affd8f44d6c26be5315bbaf016e70dd6ee5df6722684015e6c8fa83a62edf8c47d73d3f119666c19377f1ba33d0449662ed9001a564bc26f9d721bf035dee

Score
8/10
evasionexecution

Malware Config

Signatures

  • Stops running service(s) 4 TTPs
    evasionexecution
  • Launches sc.exe 2 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\UninstallSystemTimeSyncService.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2472
    • C:\Windows\system32\sc.exe
      sc stop "╙┼╨º╚╒└·═°┬τ╩▒╝Σ═¼▓╜╖■╬±"
      2⤵
      • Launches sc.exe
      PID:2196
    • C:\Windows\system32\sc.exe
      sc delete "╙┼╨º╚╒└·═°┬τ╩▒╝Σ═¼▓╜╖■╬±"
      2⤵
      • Launches sc.exe
      PID:2320

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads