Overview

overview

8

Static

static

7

bin/admin.bat

windows7-x64

1

bin/admin.bat

windows10-2004-x64

7

bin/instsvc.bat

windows7-x64

8

bin/instsvc.bat

windows10-2004-x64

8

bin/ping.bat

windows7-x64

1

bin/ping.bat

windows10-2004-x64

7

bin/ping.sh

ubuntu-18.04-amd64

1

bin/ping.sh

debian-9-armhf

1

bin/ping.sh

debian-9-mips

bin/ping.sh

debian-9-mipsel

bin/reset-acl.bat

windows7-x64

1

bin/reset-acl.bat

windows10-2004-x64

7

bin/reset-acl.sh

ubuntu-18.04-amd64

1

bin/reset-acl.sh

debian-9-armhf

1

bin/reset-acl.sh

debian-9-mips

bin/reset-acl.sh

debian-9-mipsel

bin/reset-pw.bat

windows7-x64

1

bin/reset-pw.bat

windows10-2004-x64

7

bin/reset-pw.sh

ubuntu-18.04-amd64

1

bin/reset-pw.sh

debian-9-armhf

1

bin/reset-pw.sh

debian-9-mips

bin/reset-pw.sh

debian-9-mipsel

bin/shutdown.bat

windows7-x64

1

bin/shutdown.bat

windows10-2004-x64

7

bin/shutdown.sh

ubuntu-18.04-amd64

1

bin/shutdown.sh

debian-9-armhf

1

bin/shutdown.sh

debian-9-mips

bin/shutdown.sh

debian-9-mipsel

bin/startup.bat

windows7-x64

1

bin/startup.bat

windows10-2004-x64

7

bin/startup.sh

ubuntu-18.04-amd64

1

bin/startup.sh

debian-9-armhf

1

Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2024, 07:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bin/startup.bat

  • Size

    296B

  • MD5

    2d5ead0bc17c0fe49b448b03fb7ff49c

  • SHA1

    72802803046cc748034b7723743f7a62efb9d4ae

  • SHA256

    a8c6c55c0e1b71c82c685fa9edf0b9122f9e6648a21fac9d0cc61a0f2ee1a751

  • SHA512

    639b4044d41004568df7a0475339da26dbf9d7836b6af28e49cc47e544f285d3b6cf4122e0fb47fcc4f9d3a5dc31c161284d903ca3a90d4e468f3aca059ac8f2

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\bin\startup.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Windows\system32\java.exe
      java -Djava.net.preferIPv4Stack=true -Xmx768m -cp "C:\Users\Admin\AppData\Local\Temp"\nxd.jar;"C:\Users\Admin\AppData\Local\Temp"\lib\*; nxd.Main
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1820
      • C:\Windows\system32\hostname.exe
        hostname
        3⤵
          PID:2576

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\db\blacklist.lock.db
            Filesize

            103B

            MD5

            c2f9995c022caa007e934f9b89781789

            SHA1

            0a9edde8f9d9d62a8e6ec77993ee89c5efa53d2e

            SHA256

            48a7aee180272064ec127779947353228f7583426f2528490ad9c841c0af1fd3

            SHA512

            2d113e20bb45d6c283fbbdba8ccbfa615cfb8a001e59ec85ad7c07073711f72dac5b84f4f7de6a8a086714ab6a0e25d17e4847a297d726bb7e90792d5d36cc89

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\db\blacklist.lock.db
            Filesize

            103B

            MD5

            4d5c8ba72671c3a3a8908f7afebeb82b

            SHA1

            77ed066d2b0a7957e7fa68c7e040682c696eaed4

            SHA256

            d04ae8a952a3f85db1f7eb41f19b3af0a7a836b8098bfaa984bc4e709d1efdfd

            SHA512

            cacd175449cd8270a32fd6ffce74dfefe48f05d2599b7c23561c4c919501e6ab152d561b1616a8e1a5f93efe63c742c5b0ed8b47a4ab5bdc16f9959a443d29bb

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\db\config.lock.db
            Filesize

            103B

            MD5

            ed373d2037be9dfd5d714505d2b08205

            SHA1

            c11d99adad418dd671e4f70bea2a028ec4b22cef

            SHA256

            0882510121564f08d875db4c5607ea82ed36b6e1132e8fbdb8cf499967ef2dc6

            SHA512

            e1a9f1febbb0aa2f6953c2e79c0a3454b26bd87d5d01893428ab7e1f65a7a6820f597ee2887e8a46961b41d03a5aa9676bf364f9ecb47f5bebe1916fbfaad710

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\db\config.lock.db
            Filesize

            103B

            MD5

            9925a81820e36bdeea1a8f1f9ae43e86

            SHA1

            c1d4ab4dd770c3fdf7dbc4a4faa35c5f7e6970a6

            SHA256

            0d0e7c397ba1550c83e7a3dacc71ed239cfbe20e82241800689861983d83c912

            SHA512

            53bd5a80068d873954b0ba6f8b41a9ad6850c15ff024e7c4fa71ced1155d8412cbc48593d17ab027b3ffd1ba451f52135c7b528bb2f9ab5d413ca0a0be441bd0

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\db\config.lock.db
            Filesize

            103B

            MD5

            71d5184788a38b484f90d4271efacc57

            SHA1

            fdef39b72cf62229dca54ced20718f4fc26ee706

            SHA256

            5674a658fb7d474b05c32e413b8c372c99aaa0f5ddd39f581fd8aab98205f747

            SHA512

            4c4f2cc509062f0b30d433c7fe8582cb354ca6a2293d4acd168fd2e757245a4bb7c0d005866f942c111c0a3596e289d6beaa6b03901e9f418411a379a82543dc

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\db\jahaslist.lock.db
            Filesize

            103B

            MD5

            7bcc5d2f18151ae22150394a706665f7

            SHA1

            34b56968a2c7c304a9165c4d723775dcddf72e51

            SHA256

            5718aab96f4fdeca339cda8d9b4a4e9ecfd03f70cd483ac7ab959bb48792914d

            SHA512

            cb5767be95c157ec53a552c9edd9752980d78b7e70382b5977cede40066af22fc43761dfb582d1b38aa6e8ba6b6a58f2d77e96af756dc8b0b46a3d88d16130b7

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\db\jahaslist.lock.db
            Filesize

            103B

            MD5

            49e3c4c221a9d594f49b2250e6f67bfa

            SHA1

            bb71a730731577a4f8c5eed1794ce947b6194f88

            SHA256

            085ac9c7ba31d9b23d5c9d8335a28a5b9c930e715db3887a1c0636a66ecfc80a

            SHA512

            a4ba4c41c96c305ce8c20272441c49ba44ca9ea8de9c66d22240aff7125235dba17971974b8dcfb3940f2d1184d9fb21c20a5946e0159aecfed0e581da18135b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\db\jahaslist.lock.db
            Filesize

            103B

            MD5

            8bc0e857f702c6be4f360c62f4b5f02c

            SHA1

            36f7459770a1f67f3ef2f8e88bea5eddee01c16c

            SHA256

            69b487ec365e97590f730abef4df3bcdb62a5ab79172d311b6a02dd59d88a719

            SHA512

            756b63d046a1790d72d01b3c9667bb2ef89e5f9497018ccb4e45ec33d1108e271b76246fdc0eda478dca440dc8655eff1e5bad8fb95ba2e0b980a76edc125745

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\db\komcache.lock.db
            Filesize

            103B

            MD5

            f0a64c2e0766bf7331c7c7fa698bf924

            SHA1

            4606f032e013854ffe51b9ae42b50ec46e982416

            SHA256

            b9aae02b58ec589ec4808291831f8af4879394cc15baf377f0d6271adbb71769

            SHA512

            58a385a52e1ad5d46c9642fff1fa41ade5b9920c03e3e22f9b27487f3f9a61382ce8bf7dcd669367b985d48ae6f73a8cc4b8986fa848c4787cf66a242f9b207d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\db\komcache.lock.db
            Filesize

            103B

            MD5

            f3052b8a6957775a298c972ec998d397

            SHA1

            ba67f1ee8ed6c200172239903dcdf631aaa22138

            SHA256

            f60991e66b8a3709dbf7b516b0eb803dc430c65f288aa07c7910c8c2423a913a

            SHA512

            1430f30c0253417c7a393531d305d3a3c2d9ab4ee4dccca2ce8171d28df744b89dcf3b01d9df3df6fb24b354a6bf7b9134da7462dcb8d3f7e0d10a05ee697083

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\db\local.lock.db
            Filesize

            103B

            MD5

            c9151792b39e0c91da547822594f2a56

            SHA1

            69695575f3f0422e8283868d2394860f5744ebc0

            SHA256

            3de05c8ef7b3a1ba27cf55ce3a9629732e13e9fb9456f23c5e2fcbe7d0499f74

            SHA512

            9722edf5609126850d70dbd1ce1d47a146df340d7f3dad1528cfa3a3e110e5f539570654049bd1807788ca320b8ccde1ee1a3b8aab5d27195ebc8f3bc251ddd4

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\db\local.lock.db
            Filesize

            103B

            MD5

            797a146c30ce644f5085af8de32cb00b

            SHA1

            e374c8321bf9cfadbbe3ec5fef429f25a2dca3ac

            SHA256

            93f4bd53ed2744961a92304e379b6674de19894984bc2cb85c2e71b1d706f120

            SHA512

            9c6f551a10d9993b0f4fd1b9c7d0980b8f5f74a838e43eb691fa93c7d22af1152bd7c535e9c2c0bb9360b356414df35060578b6aca516333a20c1a50fb2477d7

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\db\local.lock.db
            Filesize

            103B

            MD5

            718f21e328623594e091bd07dfc41bfd

            SHA1

            b02920fd61daa7665615b722013fe2bf160e03d3

            SHA256

            607305a4df39c84cab146429afce73043ac6f24f851e62f4a5f767dcaecbeecb

            SHA512

            1b82748a9f802403a05224ec513938350bed51264a8540c151632725be9cf3ca767c0bd4c7d122737cd6380e0c3e3797674cd6c6bcb2b1f2428ae86060d1d9e4

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\db\pstcache.lock.db
            Filesize

            103B

            MD5

            6046814d4c114f4f4e6cefb1be99ed4c

            SHA1

            76bb2ed570b25a22e4f411af18c29acf490e41f0

            SHA256

            c45d2f35030741b83408530ab53f255a68da280c48ef509a507af26b0684fbbb

            SHA512

            11afd3761686864a0cffc470a690c3869707ca8ebe62d1bde863cdbe070f2b19ca0a2504a5ae30792645ff0f69fbea7011fab28e3480b2a3cdd1174d7fe0e666

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\db\pstcache.lock.db
            Filesize

            103B

            MD5

            288b1fc593d110af1381d6b2cf95eb4c

            SHA1

            247ae320433db52ba9a3d4b4370024249f095051

            SHA256

            d729bd87f061da5752f62eeed6a03fb822bd7629d4b13970f7121cafee32088c

            SHA512

            38ddff83944615ed82c1cf8bd895375fb985c3ddc410a163eb681ee16ecf381b5e47544e1eff01276c6b256b564614121852ece1663791ea92c1dab1800e2304

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\db\traffic.lock.db
            Filesize

            103B

            MD5

            02efa80175609be82c6a15da39449698

            SHA1

            ee2bf7da5ecbe49b630579bfb4339476daa4d8b2

            SHA256

            602ae3fe9bbf701f3431a5fa7120b8d4975d3570c018de27fa5c92156dc628d4

            SHA512

            b652f889ce946a245e0ff89f89c7658b67af2969912f179a11ac79c9b5c7d99abe90f1385c6135779556314f91c992b3af215456f123a600c804b0efe151381d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\db\traffic.lock.db
            Filesize

            103B

            MD5

            e12e3e4e537a14a676878ae5a7e67028

            SHA1

            3e1f66e61a91f85f2f75690afe9743cdec10436b

            SHA256

            b8439dc5159c2ac319ab827f65af6077d9b1c6084f6a880544504999922cf371

            SHA512

            8559b2fa0d730c3640a008098d1830b0a4838de3ae7bffbcc53e42d30e751b24f4955f0ee79397042b528c41f8808d5bd4fff693090d157ba1b27e964ab8c1de

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\db\traffic.lock.db
            Filesize

            103B

            MD5

            0a496e6748856f8b4ecc566660128988

            SHA1

            62be86b44c2a8eb97f1ab8a584ed2f8eba470414

            SHA256

            745b512d0c8c3a89c37d749a2ff79e457c880bcc4b608bad0b7075e292d213e6

            SHA512

            6823bbaf4844e82e4e4ccbc899882a2cd91b7828a4df9e30290c401f054db01381e2d66c0b0e1aa55bab3c2341a5a9f96c0a19f46c296700f7399c0fc777bcb2

            Download Submit

          • memory/1820-198-0x0000000000140000-0x0000000000141000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1820-54-0x0000000000140000-0x0000000000141000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1820-201-0x0000000000140000-0x0000000000141000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1820-215-0x0000000000140000-0x0000000000141000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1820-223-0x0000000000140000-0x0000000000141000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1820-38-0x0000000000140000-0x0000000000141000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1820-225-0x0000000000140000-0x0000000000141000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1820-240-0x0000000000140000-0x0000000000141000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1820-241-0x0000000000140000-0x0000000000141000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1820-244-0x0000000000140000-0x0000000000141000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1820-2-0x0000000002550000-0x00000000027C0000-memory.dmp

            Filesize

            2.4MB

            Download

          • memory/1820-205-0x0000000000140000-0x0000000000141000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1820-24-0x0000000000140000-0x0000000000141000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1820-130-0x0000000000140000-0x0000000000141000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1820-15-0x0000000000140000-0x0000000000141000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1820-384-0x00000000027C0000-0x00000000027D0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1820-387-0x0000000002550000-0x00000000027C0000-memory.dmp

            Filesize

            2.4MB

            Download

          • memory/1820-388-0x00000000027D0000-0x00000000027E0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1820-570-0x00000000027E0000-0x00000000027F0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1820-116-0x0000000000140000-0x0000000000141000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1820-745-0x00000000027C0000-0x00000000027D0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1820-758-0x00000000027D0000-0x00000000027E0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1820-771-0x00000000027E0000-0x00000000027F0000-memory.dmp

            Filesize

            64KB

            Download