Overview
overview
10Static
static
10UnBan Guid...er.url
windows7-x64
1UnBan Guid...er.url
windows10-2004-x64
1UnBan Guid...or.lnk
windows7-x64
3UnBan Guid...or.lnk
windows10-2004-x64
7UnBan Guid...or.url
windows7-x64
1UnBan Guid...or.url
windows10-2004-x64
1UnBan Guid...Ds.cmd
windows7-x64
1UnBan Guid...Ds.cmd
windows10-2004-x64
1UnBan Guid...Ds.cmd
windows7-x64
1UnBan Guid...Ds.cmd
windows10-2004-x64
1UnBan Guid...RU.exe
windows7-x64
1UnBan Guid...RU.exe
windows10-2004-x64
1UnBan Guid...ll.exe
windows7-x64
1UnBan Guid...ll.exe
windows10-2004-x64
1UnBan Guid...rt.exe
windows7-x64
4UnBan Guid...rt.exe
windows10-2004-x64
5UnBan Guid...64.exe
windows7-x64
4UnBan Guid...64.exe
windows10-2004-x64
5UnBan Guid...E).bat
windows7-x64
10UnBan Guid...E).bat
windows10-2004-x64
8UnBan Guid...er.bat
windows7-x64
1UnBan Guid...er.bat
windows10-2004-x64
1UnBan Guid...64.exe
windows7-x64
1UnBan Guid...64.exe
windows10-2004-x64
1UnBan Guid...64.sys
windows7-x64
1UnBan Guid...64.sys
windows10-2004-x64
1UnBan Guid...er.bat
windows7-x64
5UnBan Guid...er.bat
windows10-2004-x64
UnBan Guid...ew.exe
windows7-x64
6UnBan Guid...ew.exe
windows10-2004-x64
6UnBan Guid...md.exe
windows7-x64
1UnBan Guid...md.exe
windows10-2004-x64
1Analysis
-
max time kernel
120s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
24-06-2024 16:16
Static task
static1
Behavioral task
behavioral1
Sample
UnBan Guide/step 1/Download Revo Uninstaller.url
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral2
Sample
UnBan Guide/step 1/Download Revo Uninstaller.url
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
UnBan Guide/step 2/Registry Editor.lnk
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral4
Sample
UnBan Guide/step 2/Registry Editor.lnk
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
UnBan Guide/step 2/guid generator.url
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral6
Sample
UnBan Guide/step 2/guid generator.url
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
UnBan Guide/step 3/Change Disk IDs.cmd
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral8
Sample
UnBan Guide/step 3/Change Disk IDs.cmd
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
UnBan Guide/step 4/Change HWIDs.cmd
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral10
Sample
UnBan Guide/step 4/Change HWIDs.cmd
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
UnBan Guide/step 5/CRU.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
UnBan Guide/step 5/CRU.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
UnBan Guide/step 5/ignore/reset-all.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral14
Sample
UnBan Guide/step 5/ignore/reset-all.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
UnBan Guide/step 5/ignore/restart.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral16
Sample
UnBan Guide/step 5/ignore/restart.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
UnBan Guide/step 5/ignore/restart64.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral18
Sample
UnBan Guide/step 5/ignore/restart64.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
UnBan Guide/step 6/1. Spoofer (RUN ME).bat
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral20
Sample
UnBan Guide/step 6/1. Spoofer (RUN ME).bat
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
UnBan Guide/step 6/2. SerialsChecker.bat
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral22
Sample
UnBan Guide/step 6/2. SerialsChecker.bat
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
UnBan Guide/step 6/AMIDEWINx64.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
UnBan Guide/step 6/AMIDEWINx64.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
UnBan Guide/step 6/AMIFLDRV64.sys
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral26
Sample
UnBan Guide/step 6/AMIFLDRV64.sys
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
UnBan Guide/step 6/Cleaner.bat
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral28
Sample
UnBan Guide/step 6/Cleaner.bat
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
UnBan Guide/step 6/DevManView.exe
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral30
Sample
UnBan Guide/step 6/DevManView.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
UnBan Guide/step 6/DeviceCleanupCmd.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral32
Sample
UnBan Guide/step 6/DeviceCleanupCmd.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
General
-
Target
UnBan Guide/step 3/Change Disk IDs.cmd
-
Size
1KB
-
MD5
6346b33980b7d8946c1f0dba5cbfd7f9
-
SHA1
c42c97f649afa4b408d25e003277f89b4cdbe7d8
-
SHA256
282932d8caacf613b7167f674a84d320af5b9e253f21c8134c46ce25ff4bb07b
-
SHA512
bef23ec08e2e9623a1b8769c509726e36e8d91b23593d59f38a3c7848ea6d07b963728a33ba74cde6da27f1944ca06ed4dd58eed4c7456c0e5c942ae227c2320
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2976 wrote to memory of 2056 2976 cmd.exe 29 PID 2976 wrote to memory of 2056 2976 cmd.exe 29 PID 2976 wrote to memory of 2056 2976 cmd.exe 29