Overview

overview

7

Static

static

3

61edc88704...18.exe

windows7-x64

3

61edc88704...18.exe

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PROGRAM_F...ll.exe

windows7-x64

7

$PROGRAM_F...ll.exe

windows10-2004-x64

7

decsysswn.exe

windows7-x64

1

decsysswn.exe

windows10-2004-x64

1

imex.bat

windows7-x64

7

imex.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/07/2024, 23:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    imex.bat

  • Size

    97B

  • MD5

    ea64e4ae470652eb41085b1bdb26e550

  • SHA1

    e2ebe78afd4aaca996b2fd11777b265a920949ca

  • SHA256

    4a08df9463aea9301d86a46eada70f07f3eb559510a02c7d00a4006bea5ee675

  • SHA512

    90677b5893ae81b271cda2af3a486664f13cad01d71055ec0986cb35449e0f6a0c27c6d0edc201256da506d556a4e9d7a8441190ad853ec1446181fabf569882

Score
1/10

Malware Config

Signatures

  • Gathers network information 2 TTPs 4 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\imex.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:532
    • C:\Users\Admin\AppData\Local\Temp\decsysswn.exe
      C:\Users\Admin\AppData\Local\Temp\decsysswn.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4380
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ipconfig /all
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3424
        • C:\Windows\SysWOW64\ipconfig.exe
          ipconfig /all
          4⤵
          • Gathers network information
          PID:3792
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ipconfig /all
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3344
        • C:\Windows\SysWOW64\ipconfig.exe
          ipconfig /all
          4⤵
          • Gathers network information
          PID:4980
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ipconfig /all
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1520
        • C:\Windows\SysWOW64\ipconfig.exe
          ipconfig /all
          4⤵
          • Gathers network information
          PID:460
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ipconfig /all
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4624
        • C:\Windows\SysWOW64\ipconfig.exe
          ipconfig /all
          4⤵
          • Gathers network information
          PID:4508

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads