Analysis

  • max time kernel
    2s
  • max time network
    3s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 17:28

General

  • Target

    submarino.bat

  • Size

    5KB

  • MD5

    a1f4acd62d459798e055436cdc265194

  • SHA1

    7d0592b16d363627d5aa4f512272e2c3e90e1b58

  • SHA256

    7c84a9c823de33ef07c1ee94a06ca5c32b9b27696392e3facce7f87b04f6dfeb

  • SHA512

    6596d194cbea8a25cea402302d44ad1b9c9d29debc9f4f1b7bd18ce91b10963f3644fa4c698b66bcf788bf8a21dfea298103e81a688d4a04b4593a70ccde936d

  • SSDEEP

    96:TezHcoXwPWlCqvr8x2Qv1gvov1cZiW1x2Kx2bJgJsJLJsJgJfJpJwJ6JKJTJQJiI:TkHcoQWlXrm28WELWv2k298INI8hXs61

Score
1/10

Malware Config

Signatures

  • Kills process with taskkill 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\submarino.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3756
    • C:\Windows\system32\taskkill.exe
      taskkill / f / im Steam.exe / t
      2⤵
      • Kills process with taskkill
      PID:5088
    • C:\Windows\system32\taskkill.exe
      taskkill / f / im Steam.exe / t
      2⤵
      • Kills process with taskkill
      PID:4764
    • C:\Windows\system32\taskkill.exe
      taskkill / f / im Steam.exe / t
      2⤵
      • Kills process with taskkill
      PID:2312

Network

MITRE ATT&CK Matrix
