Malware Analysis Report

2024-10-23 21:05

Sample ID 240613-v16fmaxcqa
Target submarino.bat
SHA256 7c84a9c823de33ef07c1ee94a06ca5c32b9b27696392e3facce7f87b04f6dfeb
Tags
Score 1/10

Analysis Overview

score
1/10

SHA256

7c84a9c823de33ef07c1ee94a06ca5c32b9b27696392e3facce7f87b04f6dfeb

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file submarino.bat.

Malicious Activity Summary


Kills process with taskkill

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 17:28

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 17:28

Reported

2024-06-13 17:28

Platform

win10v2004-20240508-en

Max time kernel

2s

Max time network

3s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\submarino.bat"

Signatures

Kills process with taskkill

evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\taskkill.exe | N/A
N/A | N/A | C:\Windows\system32\taskkill.exe | N/A
N/A | N/A | C:\Windows\system32\taskkill.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3756 wrote to memory of 5088 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\taskkill.exe
PID 3756 wrote to memory of 5088 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\taskkill.exe
PID 3756 wrote to memory of 4764 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\taskkill.exe
PID 3756 wrote to memory of 4764 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\taskkill.exe
PID 3756 wrote to memory of 2312 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\taskkill.exe
PID 3756 wrote to memory of 2312 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\taskkill.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\submarino.bat"

C:\Windows\system32\taskkill.exe

taskkill / f / im Steam.exe / t

C:\Windows\system32\taskkill.exe

taskkill / f / im Steam.exe / t

C:\Windows\system32\taskkill.exe

taskkill / f / im Steam.exe / t

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp

Files

N/A