4bbe87743c410d144d3b226cb1629996d81e5660a9a6b0a590a5d3f082e72d14

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 16:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

trustedinstaller.bat
Size

1KB
MD5

1b66c83dc9ab21380f495be5f7cc8426
SHA1

7f53bd6c0f99a8b7b14148d95f8bfd21653dc452
SHA256

4bbe87743c410d144d3b226cb1629996d81e5660a9a6b0a590a5d3f082e72d14
SHA512

82407c26ab103653a2d0262db5925d8554e96409bbf8c56a469b6f646898350866dae4b32442d7c2f6bfa2ff2e87a3633e90d23f8349041161fc245c8f8fcf59

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2368	icacls.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1636	2036	cmd.exe	31
PID 2036 wrote to memory of 1636	2036	cmd.exe	31
PID 2036 wrote to memory of 1636	2036	cmd.exe	31
PID 2036 wrote to memory of 2368	2036	cmd.exe	32
PID 2036 wrote to memory of 2368	2036	cmd.exe	32
PID 2036 wrote to memory of 2368	2036	cmd.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\trustedinstaller.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\system32\openfiles.exe
  openfiles
  2⤵
  PID:1636
- C:\Windows\system32\icacls.exe
  icacls "" /grant:r TRUSTEDINSTALLER:(F) /T
  2⤵
  - Modifies file permissions
  PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads