Overview
- overview: score 10
- static: score 1
- BYBBLJDYNKYQRCIW.ps1, windows7-x64: score 3
- BYBBLJDYNKYQRCIW.ps1, windows10-2004-x64: score 10
- LOEVIQHNNBLMJQGX.vbs, windows7-x64: score 3
- LOEVIQHNNBLMJQGX.vbs, windows10-2004-x64: score 7
- NOXOIMAYDCJQRTDL.bat, windows7-x64: score 8
- NOXOIMAYDCJQRTDL.bat, windows10-2004-x64: score 8
- PLYEDPJAJZDJPATK.vbs, windows7-x64: score 3
- PLYEDPJAJZDJPATK.vbs, windows10-2004-x64: score 7
- XKAHEZZHLYETQDGK.bat, windows7-x64: score 8
- XKAHEZZHLYETQDGK.bat, windows10-2004-x64: score 8
- YEJVMCIJLIUXHSQV.ps1, windows7-x64: score 3
- YEJVMCIJLIUXHSQV.ps1, windows10-2004-x64: score 3
Analysis
- max time kernel: 118s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 28-06-2024 01:53
Static task: static1
Behavioral tasks
- behavioral1: sample BYBBLJDYNKYQRCIW.ps1, resource win7-20240611-en
- behavioral2: sample BYBBLJDYNKYQRCIW.ps1, resource win10v2004-20240611-en
- behavioral3: sample LOEVIQHNNBLMJQGX.vbs, resource win7-20240508-en
- behavioral4: sample LOEVIQHNNBLMJQGX.vbs, resource win10v2004-20240611-en
- behavioral5: sample NOXOIMAYDCJQRTDL.bat, resource win7-20240508-en
- behavioral6: sample NOXOIMAYDCJQRTDL.bat, resource win10v2004-20240508-en
- behavioral7: sample PLYEDPJAJZDJPATK.vbs, resource win7-20240611-en
- behavioral8: sample PLYEDPJAJZDJPATK.vbs, resource win10v2004-20240508-en
- behavioral9: sample XKAHEZZHLYETQDGK.bat, resource win7-20240611-en
- behavioral10: sample XKAHEZZHLYETQDGK.bat, resource win10v2004-20240611-en
- behavioral11: sample YEJVMCIJLIUXHSQV.ps1, resource win7-20240221-en
- behavioral12: sample YEJVMCIJLIUXHSQV.ps1, resource win10v2004-20240611-en
General
- Target: NOXOIMAYDCJQRTDL.bat
- Size: 1KB
- MD5: f0615a271904779ef01a22ccffc5b7ac
- SHA1: b18bab505208a2d1a53f7496286f25ac199b7475
- SHA256: 5e91677a0a32ced94580bef9253982462f9d9a7e5f2166a07561fe13f4342e98
- SHA512: caa35c7111c525d8385e14b51368f657f9232b606dd6aa27fb580884264d0215435de234b4bfc155ec006107dfd94da978a73331442a2fd19c310348e3d758a2
Malware Config
Signatures
- Command and Scripting Interpreter: PowerShell (1 TTPs, 1 IoCs)
  Run Powershell and hide display window.
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  Processes: powershell.exe
  pid: 1916; process: powershell.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: powershell.exe
  description: Token: SeDebugPrivilege; pid: 1916; process: powershell.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: cmd.exe
  description: PID 2232 wrote to memory of 1916; pid: 2232; process: cmd.exe; target process: powershell.exe
  description: PID 2232 wrote to memory of 1916; pid: 2232; process: cmd.exe; target process: powershell.exe
  description: PID 2232 wrote to memory of 1916; pid: 2232; process: cmd.exe; target process: powershell.exe
Processes
- C:\Windows\system32\cmd.exe
  cmd /c "C:\Users\Admin\AppData\Local\Temp\NOXOIMAYDCJQRTDL.bat"
  - Suspicious use of WriteProcessMemory
  PID: 2232
  - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command "& 'C:\Users\Public\BYBBLJDYNKYQRCIW.ps1'"
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID: 1916