9618961af8c6db27588c649679634bec7ece8fabd3e48f02f33ac0b837b56d2e

Submit
Reports

Overview

overview

Static

static

zvgfd-main...iz.bat

windows10-2004-x64

zvgfd-main...lt.exe

windows10-2004-x64

zvgfd-main/Client.bat

windows10-2004-x64

zvgfd-main...lt.exe

windows10-2004-x64

zvgfd-main... .exe

windows10-2004-x64

zvgfd-main...ol.exe

windows10-2004-x64

zvgfd-main...ol.exe

windows10-2004-x64

zvgfd-main...ve.bat

windows10-2004-x64

zvgfd-main...ve.exe

windows10-2004-x64

zvgfd-main...ke.bat

windows10-2004-x64

zvgfd-main...V2.exe

windows10-2004-x64

zvgfd-main...ll.exe

windows10-2004-x64

zvgfd-main...up.exe

windows10-2004-x64

zvgfd-main/Output.exe

windows10-2004-x64

zvgfd-main/Part 1.bat

windows10-2004-x64

zvgfd-main/Part 2.bat

windows10-2004-x64

zvgfd-main...om.exe

windows10-2004-x64

zvgfd-main...er.exe

windows10-2004-x64

zvgfd-main/Server.exe

windows10-2004-x64

zvgfd-main/Uni.exe

windows10-2004-x64

zvgfd-main/Uni.exe

windows10-2004-x64

zvgfd-main...ol.exe

windows10-2004-x64

zvgfd-main...ol.exe

windows10-2004-x64

zvgfd-main...nt.exe

windows10-2004-x64

zvgfd-main...st.exe

windows10-2004-x64

zvgfd-main/asjdfg.exe

windows10-2004-x64

zvgfd-main...-3.dll

windows10-2004-x64

zvgfd-main...h2.dll

windows10-2004-x64

zvgfd-main...-3.dll

windows10-2004-x64

zvgfd-main/main.exe

windows10-2004-x64

zvgfd-main/ncat.exe

windows10-2004-x64

zvgfd-main...ad.exe

windows10-2004-x64

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 16:14

Sharing

Copy URL

Twitter E-mail

Static task

static1

13 signatures

Behavioral task

behavioral1

Sample

zvgfd-main/Are You Skibidy, The Quiz.bat

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

zvgfd-main/Client-built.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

zvgfd-main/Client.bat

Resource

win10v2004-20240709-en

quasar testing execution spyware trojan

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral4

Sample

zvgfd-main/Client_built.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

zvgfd-main/Empyrean Removal Tool .exe

Resource

win10v2004-20240709-en

quasar xworm slave execution rat spyware trojan

windows10-2004-x64

14 signatures

150 seconds

Behavioral task

behavioral6

Sample

zvgfd-main/Empyrean Removal Tool.exe

Resource

win10v2004-20240709-en

asyncrat quasar xworm default slave execution rat spyware trojan

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral7

Sample

zvgfd-main/Empyrean Removal Tool.exe

Resource

win10v2004-20240709-en

asyncrat quasar xworm default slave execution rat spyware trojan

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral8

Sample

zvgfd-main/Fanta.Live.bat

Resource

win10v2004-20240709-en

xworm execution persistence rat trojan

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral9

Sample

zvgfd-main/Fanta.Live.exe

Resource

win10v2004-20240704-en

xworm execution rat trojan

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral10

Sample

zvgfd-main/Fanta_Is_Better_Than_Coke.bat

Resource

win10v2004-20240709-en

asyncrat quasar xworm default slave execution persistence rat spyware trojan

windows10-2004-x64

20 signatures

150 seconds

Behavioral task

behavioral11

Sample

zvgfd-main/Frozen Loader V2.exe

Resource

win10v2004-20240709-en

xworm persistence rat trojan

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral12

Sample

zvgfd-main/Install.exe

Resource

win10v2004-20240704-en

bootkit persistence

windows10-2004-x64

17 signatures

150 seconds

Behavioral task

behavioral13

Sample

zvgfd-main/OperaGXSetup.exe

Resource

win10v2004-20240709-en

spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral14

Sample

zvgfd-main/Output.exe

Resource

win10v2004-20240709-en

asyncrat default rat

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral15

Sample

zvgfd-main/Part 1.bat

Resource

win10v2004-20240709-en

asyncrat quasar xworm default slave execution persistence rat spyware trojan

windows10-2004-x64

21 signatures

150 seconds

Behavioral task

behavioral16

Sample

zvgfd-main/Part 2.bat

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral17

Sample

zvgfd-main/Phantom.exe

Resource

win10v2004-20240704-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

zvgfd-main/PyMain Installer.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral19

Sample

zvgfd-main/Server.exe

Resource

win10v2004-20240709-en

asyncrat quasar xworm default slave execution rat spyware trojan

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral20

Sample

zvgfd-main/Uni.exe

Resource

win10v2004-20240709-en

quasar slave spyware trojan

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral21

Sample

zvgfd-main/Uni.exe

Resource

win10v2004-20240709-en

quasar slave spyware trojan

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral22

Sample

zvgfd-main/VIrus removal tool.exe

Resource

win10v2004-20240709-en

xworm execution persistence rat trojan

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral23

Sample

zvgfd-main/Virus removal tool.exe

Resource

win10v2004-20240709-en

xworm execution persistence rat trojan

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral24

Sample

zvgfd-main/XClient.exe

Resource

win10v2004-20240709-en

xworm persistence rat trojan

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral25

Sample

zvgfd-main/XClientTest.exe

Resource

win10v2004-20240709-en

xworm persistence rat trojan

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral26

Sample

zvgfd-main/asjdfg.exe

Resource

win10v2004-20240709-en

asyncrat default rat

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral27

Sample

zvgfd-main/libcrypto-3.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral28

Sample

zvgfd-main/libssh2.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral29

Sample

zvgfd-main/libssl-3.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral30

Sample

zvgfd-main/main.exe

Resource

win10v2004-20240709-en

persistence privilege_escalation spyware stealer upx

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral31

Sample

zvgfd-main/ncat.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

zvgfd-main/payload.exe

Resource

win10v2004-20240709-en

metasploit backdoor trojan

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

zvgfd-main/Part 2.bat
Size

458KB
MD5

4861212330864f9fbf4d99218142931f
SHA1

f79387f84b44d0e8d4c0d741786e8c3823787400
SHA256

70afa1ff655e3d4cf903fea8689e6f5e58a4875b3bb692a390605d98863e1a65
SHA512

3ec603041a8db56e54fbd6c6a5a94671a1ff1824c0370f3caeba07efe2b6d89901171f1c9b3263699cf67ddfa613405e797b30ba556815e442d6be7f10afc877
SSDEEP

12288:qaYh9getMjSzyH5WfgObCBt82QvUtZveh83FkfC:4S3jSO5Wf3TWtZCsh

Score

1^/10

Malware Config

Signatures

Runs net.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 4076	2940	cmd.exe	85
PID 2940 wrote to memory of 4076	2940	cmd.exe	85
PID 4076 wrote to memory of 216	4076	net.exe	86
PID 4076 wrote to memory of 216	4076	net.exe	86

Processes

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\zvgfd-main\Part 2.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Windows\system32\net.exe
  net file
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4076
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 file
    3⤵
    PID:216

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads