ae2609c47cd76999818286dedf91ca6f5ce1c14dd6e83713691f674309ec6725

Analysis

max time kernel
91s
max time network
124s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
12-07-2024 22:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Launcher.bat
Size

31B
MD5

41132bf2fe575a1b1e4c1504afe5324a
SHA1

2531a3b6534495510d727cfd179805b1eb68d7fe
SHA256

a6a10d3ad76f6ac73ddb8026cea7024523b67210cad1ff64e0deea00bbf54df5
SHA512

a5514a7a7749233d0c37c8d6be628ca3e5ac4e36a187fccda53569430eaa9723f704c0597f79dee5ddf1e507407ec087cf70cccd8fddcbedad50d6a6d1ed1b6a

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

1 ip-api.com

flow	ioc
1	ip-api.com

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 960 wrote to memory of 4848	960	cmd.exe	compiler.exe
PID 960 wrote to memory of 4848	960	cmd.exe	compiler.exe
PID 960 wrote to memory of 4848	960	cmd.exe	compiler.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Launcher.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:960

C:\Users\Admin\AppData\Local\Temp\compiler.exe
compiler.exe config
2⤵
PID:4848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4848-0-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-45-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-63-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-36-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-62-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-79-0x00000000017B0000-0x00000000017B1000-memory.dmp

Filesize
4KB

Download
memory/4848-78-0x00000000017B0000-0x00000000017B1000-memory.dmp

Filesize
4KB

Download
memory/4848-61-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-60-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-59-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-58-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-57-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-56-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-55-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-54-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-53-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-52-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-51-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-50-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-49-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-48-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-47-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-46-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-42-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-41-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-40-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-39-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-38-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-35-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-34-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-33-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-32-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-31-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-30-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-29-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-28-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-27-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-26-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-25-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-24-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-23-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-22-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-21-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-20-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-19-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-18-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-17-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-16-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-15-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-14-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-13-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-12-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-11-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-10-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-8-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-7-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-5-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-4-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-1-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-44-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-43-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-37-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-9-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-6-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-3-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-2-0x000000007F760000-0x000000007F770000-memory.dmp

Filesize
64KB

Download
memory/4848-83-0x00000000017C0000-0x00000000017C1000-memory.dmp

Filesize
4KB

Download
memory/4848-86-0x00000000017C0000-0x00000000017C1000-memory.dmp

Filesize
4KB

Download