Analysis
max time kernel: 2s
max time network: 3s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 17:28
Static task: static1
Behavioral task: behavioral1
Sample: submarino.bat
Resource: win10v2004-20240508-en
2 signatures
150 seconds
General
Target: submarino.bat
Size: 5KB
MD5: a1f4acd62d459798e055436cdc265194
SHA1: 7d0592b16d363627d5aa4f512272e2c3e90e1b58
SHA256: 7c84a9c823de33ef07c1ee94a06ca5c32b9b27696392e3facce7f87b04f6dfeb
SHA512: 6596d194cbea8a25cea402302d44ad1b9c9d29debc9f4f1b7bd18ce91b10963f3644fa4c698b66bcf788bf8a21dfea298103e81a688d4a04b4593a70ccde936d
SSDEEP: 96:TezHcoXwPWlCqvr8x2Qv1gvov1cZiW1x2Kx2bJgJsJLJsJgJfJpJwJ6JKJTJQJiI:TkHcoQWlXrm28WELWv2k298INI8hXs61
Score: 1/10
Malware Config
Signatures
Kills process with taskkill (3 IoCs)
Processes:
pid | process
5088 | taskkill.exe
4764 | taskkill.exe
2312 | taskkill.exe

Suspicious use of WriteProcessMemory (6 IoCs)
Processes:
description | pid | process | target process
PID 3756 wrote to memory of 5088 | 3756 | cmd.exe | taskkill.exe
PID 3756 wrote to memory of 5088 | 3756 | cmd.exe | taskkill.exe
PID 3756 wrote to memory of 4764 | 3756 | cmd.exe | taskkill.exe
PID 3756 wrote to memory of 4764 | 3756 | cmd.exe | taskkill.exe
PID 3756 wrote to memory of 2312 | 3756 | cmd.exe | taskkill.exe
PID 3756 wrote to memory of 2312 | 3756 | cmd.exe | taskkill.exe
Processes
C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\submarino.bat"
  - Suspicious use of WriteProcessMemory
  PID: 3756
  C:\Windows\system32\taskkill.exe
    Command line: taskkill / f / im Steam.exe / t
    - Kills process with taskkill
    PID: 5088
  C:\Windows\system32\taskkill.exe
    Command line: taskkill / f / im Steam.exe / t
    - Kills process with taskkill
    PID: 4764
  C:\Windows\system32\taskkill.exe
    Command line: taskkill / f / im Steam.exe / t
    - Kills process with taskkill
    PID: 2312