Overview

overview

8

Static

static

1

AVG Anti-S...��.bat

windows7-x64

6

AVG Anti-S...��.bat

windows10-2004-x64

6

AVG Anti-S...��.bat

windows7-x64

7

AVG Anti-S...��.bat

windows10-2004-x64

7

AVG Anti-S...ll.bat

windows7-x64

8

AVG Anti-S...ll.bat

windows10-2004-x64

8

AVG Anti-S...ll.bat

windows7-x64

1

AVG Anti-S...ll.bat

windows10-2004-x64

1

AVG Anti-S...as.exe

windows7-x64

7

AVG Anti-S...as.exe

windows10-2004-x64

7

AVG Anti-S...64.sys

windows7-x64

1

AVG Anti-S...64.sys

windows10-2004-x64

1

AVG Anti-S...ln.sys

windows7-x64

1

AVG Anti-S...ln.sys

windows10-2004-x64

1

AVG Anti-S...xt.dll

windows7-x64

1

AVG Anti-S...xt.dll

windows10-2004-x64

1

AVG Anti-S...64.dll

windows7-x64

7

AVG Anti-S...64.dll

windows10-2004-x64

7

AVG Anti-S...ne.dll

windows7-x64

1

AVG Anti-S...ne.dll

windows10-2004-x64

1

AVG Anti-S...rd.exe

windows7-x64

1

AVG Anti-S...rd.exe

windows10-2004-x64

1

AVG Anti-S...rd.sys

windows7-x64

1

AVG Anti-S...rd.sys

windows10-2004-x64

1

AVG Anti-S...64.sys

windows7-x64

1

AVG Anti-S...64.sys

windows10-2004-x64

1

AVG Anti-S...lp.chm

windows7-x64

1

AVG Anti-S...lp.chm

windows10-2004-x64

1

AVG Anti-S...ok.dll

windows7-x64

1

AVG Anti-S...ok.dll

windows10-2004-x64

1

AVG Anti-S...64.dll

windows7-x64

7

AVG Anti-S...64.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    51s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/06/2024, 11:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    AVG Anti-Spyware/1)install.bat

  • Size

    127B

  • MD5

    f361f05865fd277c790aa64a65b864cd

  • SHA1

    9d0dcb55892299748dd39d2dbb6c735caf7cf8a1

  • SHA256

    e1d82943f10ebc7b3fc2f6a66280535936640dc26395a445b8f937eed72900aa

  • SHA512

    71e8f0dc5e39b73e2f2431aa33ef0f6a74646286be65de7819b08cdbfe161ee1f0896bb3524d4b6bbf93a5b02293c7ad318c1b5c1ae254f561103edb3629ccb7

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\AVG Anti-Spyware\1)install.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1844
    • C:\Users\Admin\AppData\Local\Temp\AVG Anti-Spyware\guard.exe
      guard /install
      2⤵
      • Drops file in Drivers directory
      PID:4160
  • C:\Users\Admin\AppData\Local\Temp\AVG Anti-Spyware\guard.exe
    "C:\Users\Admin\AppData\Local\Temp\AVG Anti-Spyware\guard.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:5036

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads