Malware Analysis Report

2024-10-19 08:22

Sample ID 240613-wetels1fkn
Target FILE_RENAME.BAT
SHA256 dfb816b0afe11d0f8a5b215a2f0ade42b280d24225912342c126e73fb9a43bd7
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

dfb816b0afe11d0f8a5b215a2f0ade42b280d24225912342c126e73fb9a43bd7

Threat Level: No (potentially) malicious behavior was detected

The file FILE_RENAME.BAT was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 17:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 17:50

Reported

2024-06-13 17:54

Platform

win10-20240404-en

Max time kernel

145s

Max time network

144s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\FILE_RENAME.bat"

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\FILE_RENAME.bat"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\Desktop\New Text Document.txt

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 17:50

Reported

2024-06-13 17:54

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

151s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\FILE_RENAME.bat"

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\FILE_RENAME.bat"

Network

Files

N/A