13da376f47576e3d022dbb16671fbd8501c3d03c06ccbcf83f361cd757b0961c

Analysis

max time kernel
132s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

INV_010624.bat.exe
Size

576KB
MD5

64b2f12c07091c97a05adb0dd7946470
SHA1

7c33634c09f13c74cba2da37d047bce4b6e0ac60
SHA256

13da376f47576e3d022dbb16671fbd8501c3d03c06ccbcf83f361cd757b0961c
SHA512

5c1484c10eec782adb0d55858c1489b36a4b186c08d502ad8fac38144ba949798fd4e5002cb6f0b8f74d6ab70262695f20f10749a5fd3c6625b910cf5ad47efc
SSDEEP

12288:D42i4JTqkp3SKshEzt46A9jmP/uhu/yMS08CkntxYR:EJ4JTDPmfmP/UDMS08Ckn3

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

INV_010624.bat.exe

pid process

4640 INV_010624.bat.exe
4640 INV_010624.bat.exe
4640 INV_010624.bat.exe

pid	process
4640	INV_010624.bat.exe
4640	INV_010624.bat.exe
4640	INV_010624.bat.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

INV_010624.bat.exe

description	pid	process	target process
PID 4640 wrote to memory of 4376	4640	INV_010624.bat.exe	cmd.exe
PID 4640 wrote to memory of 4376	4640	INV_010624.bat.exe	cmd.exe
PID 4640 wrote to memory of 4376	4640	INV_010624.bat.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\INV_010624.bat.exe
"C:\Users\Admin\AppData\Local\Temp\INV_010624.bat.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4640

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
2⤵
PID:4376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads