Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/07/2024, 14:53

Static task: static1

Behavioral task: behavioral1
- Sample: celeryfixv3.bat
- Resource: win10v2004-20240709-en
- 2 signatures
- 150 seconds
General
- Target: celeryfixv3.bat
- Size: 869B
- MD5: 82f3c770640055b468a0a53a285ce361
- SHA1: f5a4f847eb983873347e83cbe7cb8cd5d23d20ab
- SHA256: 71492a3bc9fb4d0bc84ae15f7bc1f2fe432222cf12cdf9650906a47ac3beff68
- SHA512: 350836d40b150004233f40252d7b519a7afb398592dcd33bed521434fe80a649999733459e62e89015d44df2ab526786e7e49018f1591f74f42ee8e46246d47c

Score: 1/10
Malware Config

Signatures
- Modifies registry key (1 TTPs, 3 IoCs)

  pid   Process
  4840  reg.exe
  3436  reg.exe
  4912  reg.exe

- Suspicious use of WriteProcessMemory (6 IoCs)

  description                        pid   Process  procid_target
  PID 1372 wrote to memory of 4840   1372  cmd.exe  85
  PID 1372 wrote to memory of 4840   1372  cmd.exe  85
  PID 1372 wrote to memory of 3436   1372  cmd.exe  86
  PID 1372 wrote to memory of 3436   1372  cmd.exe  86
  PID 1372 wrote to memory of 4912   1372  cmd.exe  87
  PID 1372 wrote to memory of 4912   1372  cmd.exe  87
Processes
- C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\celeryfixv3.bat"
  PID: 1372
  Signatures: Suspicious use of WriteProcessMemory

  - C:\Windows\system32\reg.exe
    Command line: reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop /t REGDWORD /d 1 /f
    PID: 4840
    Signatures: Modifies registry key

  - C:\Windows\system32\reg.exe
    Command line: reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun /v 1 /t REGDWORD /d C:\Windows\explorer.exe /f
    PID: 3436
    Signatures: Modifies registry key

  - C:\Windows\system32\reg.exe
    Command line: reg add HKCU\Software\Microsoft\Windows\Current Version\Policies\Explorer
    PID: 4912
    Signatures: Modifies registry key