Overview

overview

7

Static

static

1

windows pr...me.cmd

windows7-x64

3

windows pr...me.cmd

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2024, 14:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    windows pro etkinlestirme.cmd

  • Size

    90B

  • MD5

    379a9df2f9bd0dde05468bc000a22697

  • SHA1

    d6fb46e9ee7fc5b0bf9fb302dcfb8148246ffe40

  • SHA256

    c0f9fb177aa4c529dc4e6f6ba109e0e6dcffec7ebfaee30c6591369409c46508

  • SHA512

    c2ec8d7ddbf856150d1cad6bd84ca142907a182bc2f90bd8d43bc77a6ea8cd63bdec94f542ed17bb8dc77464ef0ef05624dee739da9128e6ac00cfd045e93bfe

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\windows pro etkinlestirme.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2692
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\system32\slmgr.vbs" /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX
      2⤵
        PID:2120
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Windows\system32\slmgr.vbs" /skms kms.lotro.cc
        2⤵
          PID:2164
        • C:\Windows\System32\WScript.exe
          "C:\Windows\System32\WScript.exe" "C:\Windows\system32\slmgr.vbs" /ato
          2⤵
            PID:2412

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads