Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    06-08-2024 19:33

General

  • Target

    Defeat-Defender-V1.2.0-main/Defeat-Defender.bat

  • Size

    3KB

  • MD5

    123c7ff359911f5a6bd2cce3f44d68e7

  • SHA1

    b0a06f3acd65df1b019e0f8b3e5df81f38bfe06d

  • SHA256

    d0684a4f8a1dde0fefa5272d38fd96c21388f0398beff1a2847ff0c021611068

  • SHA512

    c164cdba208e518fad16cdd889eabd9128d82b1711aad773ecfe923296a7faef73a8da801ef12f973bd6bd7d76c871d3a3c8765b5e39919315a0eee4d5bf76c2

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Defeat-Defender-V1.2.0-main\Defeat-Defender.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2540
    • C:\Windows\system32\cacls.exe
      "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
      2⤵
        PID:1716
      • C:\Windows\system32\wscript.exe
        wscript C:\Users\Admin\AppData\Local\Temp\tmp.vbs
        2⤵
          PID:2796

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\tmp.vbs

        Filesize

        112B

        MD5

        9313d55e26ad30ddcbc046fe8013a21d

        SHA1

        a5712ce8864d7b0ca88b94c64226dfeb2221457f

        SHA256

        121ab5b57fb09d3c520a7fd6dfaa5b87844e1e8379a9635e7a737934e7e9226a

        SHA512

        77b7f3c2aca2ba61519a9fed7dbb3e7f2dd803bd566eeb9531e1ed038dff68e88c4d2f73a83e37396fd475f57dbdef55966361176dde70d1343747aca5888ba7