Analysis
-
max time kernel
93s -
max time network
100s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
14/07/2024, 09:55
Static task
static1
Behavioral task
behavioral1
Sample
Launcher.bat
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
Launcher.bat
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
compiler.exe
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
compiler.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
lua51.dll
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
lua51.dll
Resource
win10v2004-20240709-en
General
-
Target
Launcher.bat
-
Size
33B
-
MD5
6287e562f249e3713e12136a1ffbd8fa
-
SHA1
5778c96d74c077905c2b30741eba2b2c070d8f0f
-
SHA256
d76b5184c7fe293578aec681b64d1a72eec44e28342655f1bf2dcf120f6b7708
-
SHA512
9ca4d0ae1146beba8fb192346f31c13b5ec92bf1c6b49daafd7fac3b51e2a6f87bf50d95da6eab72a51dc0aa76d56fd9f2026214cb0fb45e3192a9067bf47212
Malware Config
Signatures
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 1 ip-api.com -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 372 wrote to memory of 2148 372 cmd.exe 84 PID 372 wrote to memory of 2148 372 cmd.exe 84 PID 372 wrote to memory of 2148 372 cmd.exe 84