Malware Analysis Report

2024-10-23 21:05

Sample ID 240613-vzzxfs1ekn
Target D1_Free_Tweaking_Utility.bat
SHA256 8fe4a070e3798563bdb315465f8b9e3d187e07934e799e1f96ad3460e7df8e92
Tags
Score 1/10

Analysis Overview

Score 1/10

SHA256 8fe4a070e3798563bdb315465f8b9e3d187e07934e799e1f96ad3460e7df8e92

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file D1_Free_Tweaking_Utility.bat.

Malicious Activity Summary

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 17:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 17:26

Reported 2024-06-13 17:29

Platform win11-20240508-en

Max time kernel 146s

Max time network 150s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\D1_Free_Tweaking_Utility.bat"

Signatures

Suspicious use of WriteProcessMemory

Description                       Indicator  Process                      Target
PID 1056 wrote to memory of 4584  N/A        C:\Windows\system32\cmd.exe  C:\Windows\system32\cmd.exe
PID 1056 wrote to memory of 4584  N/A        C:\Windows\system32\cmd.exe  C:\Windows\system32\cmd.exe
PID 1056 wrote to memory of 72    N/A        C:\Windows\system32\cmd.exe  C:\Windows\system32\chcp.com
PID 1056 wrote to memory of 72    N/A        C:\Windows\system32\cmd.exe  C:\Windows\system32\chcp.com
PID 1056 wrote to memory of 2328  N/A        C:\Windows\system32\cmd.exe  C:\Windows\system32\mode.com
PID 1056 wrote to memory of 2328  N/A        C:\Windows\system32\cmd.exe  C:\Windows\system32\mode.com

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\D1_Free_Tweaking_Utility.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "prompt #$H#$E# & echo on & for %b in (1) do rem"

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\mode.com

mode 1000

Network

Country  Destination  Domain                Proto
US       8.8.8.8:53   8.8.8.8.in-addr.arpa  udp

Files

N/A