Analysis
-
max time kernel
16s
-
max time network
17s
-
platform
windows7_x64
-
resource
win7-20240729-en
-
resource tags
arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
-
submitted
06-08-2024 19:33
Static task
static1
Behavioral task
behavioral1
Sample
Defeat-Defender-V1.2.0-main/Defeat-Defender.bat
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
Defeat-Defender-V1.2.0-main/Defeat-Defender.bat
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Defeat-Defender-V1.2.0-main/Enable Smart Screen.bat
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
Defeat-Defender-V1.2.0-main/Enable Smart Screen.bat
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
Defeat-Defender-V1.2.0-main/run.bat
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
Defeat-Defender-V1.2.0-main/run.bat
Resource
win10v2004-20240802-en
General
-
Target
Defeat-Defender-V1.2.0-main/Defeat-Defender.bat
-
Size
3KB
-
MD5
123c7ff359911f5a6bd2cce3f44d68e7
-
SHA1
b0a06f3acd65df1b019e0f8b3e5df81f38bfe06d
-
SHA256
d0684a4f8a1dde0fefa5272d38fd96c21388f0398beff1a2847ff0c021611068
-
SHA512
c164cdba208e518fad16cdd889eabd9128d82b1711aad773ecfe923296a7faef73a8da801ef12f973bd6bd7d76c871d3a3c8765b5e39919315a0eee4d5bf76c2
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
description                        pid   process   target PID  target process
PID 2540 wrote to memory of 1716   2540  cmd.exe   1716        cacls.exe
PID 2540 wrote to memory of 1716   2540  cmd.exe   1716        cacls.exe
PID 2540 wrote to memory of 1716   2540  cmd.exe   1716        cacls.exe
PID 2540 wrote to memory of 2796   2540  cmd.exe   2796        wscript.exe
PID 2540 wrote to memory of 2796   2540  cmd.exe   2796        wscript.exe
PID 2540 wrote to memory of 2796   2540  cmd.exe   2796        wscript.exe
Processes
-
C:\Windows\system32\cmd.exe
  cmd /c "C:\Users\Admin\AppData\Local\Temp\Defeat-Defender-V1.2.0-main\Defeat-Defender.bat"
  PID:2540
  - Suspicious use of WriteProcessMemory
    C:\Windows\system32\cacls.exe
      "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
      PID:1716
    C:\Windows\system32\wscript.exe
      wscript C:\Users\Admin\AppData\Local\Temp\tmp.vbs
      PID:2796
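The tree above has the shape of the widely copied batch self-elevation idiom: cacls.exe against \Windows\system32\config\system fails for a non-administrator (the SYSTEM hive is only readable when elevated), and a VBScript dropped to Temp then relaunches the batch through ShellExecute with the "runas" verb. The report does not show the batch or tmp.vbs body, so that reading is an inference from the command lines only. Note also that "Suspicious use of WriteProcessMemory" here is cmd.exe writing into its own children during process creation, which any batch that starts programs produces; the parent/child pattern is the more useful signal. What follows is an added example, not part of this report or of the Defeat-Defender project: Python detection logic that groups process-creation events under their cmd.exe parent and flags the probe-plus-script-host chain. The event layout (pid, ppid, image, cmdline) is an assumption modelled on Sysmon Event ID 1; the sample events are constructed, with the first three mirroring the PIDs and command lines above and the rest being benign noise. It generalises slightly beyond the page by also accepting icacls.exe and cscript.exe.

```python
"""Flag the cacls admin-probe + Temp script-host chain in process-creation events.

Added example, not part of the sandbox report. Event fields (pid, ppid, image,
cmdline) are an assumption modelled on Sysmon Event ID 1 / sandbox process logs.
"""
import re
from collections import defaultdict

# Constructed sample events. The first three mirror the PIDs and command lines in
# the process tree above; the rest are benign noise to show what does not fire.
SAMPLE_EVENTS = [
    {"pid": 2540, "ppid": 1200, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'cmd /c "C:\Users\Admin\AppData\Local\Temp\Defeat-Defender-V1.2.0-main\Defeat-Defender.bat"'},
    {"pid": 1716, "ppid": 2540, "image": r"C:\Windows\system32\cacls.exe",
     "cmdline": r'"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"'},
    {"pid": 2796, "ppid": 2540, "image": r"C:\Windows\system32\wscript.exe",
     "cmdline": r"wscript C:\Users\Admin\AppData\Local\Temp\tmp.vbs"},
    # An admin adjusting ACLs on a tool folder: cacls, but not the SYSTEM hive probe.
    {"pid": 3001, "ppid": 1200, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'cmd /c "C:\Tools\backup.bat"'},
    {"pid": 3002, "ppid": 3001, "image": r"C:\Windows\system32\cacls.exe",
     "cmdline": r"cacls C:\Tools /T /E /G Admin:F"},
    # A script host run from Temp with no admin probe: worth a look, lower confidence.
    {"pid": 4001, "ppid": 1200, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'cmd /c "C:\Users\Admin\Downloads\setup.bat"'},
    {"pid": 4002, "ppid": 4001, "image": r"C:\Windows\system32\wscript.exe",
     "cmdline": r"wscript //nologo C:\Users\Admin\AppData\Local\Temp\installer.vbs"},
]

# The SYSTEM hive is readable only when elevated, so an ACL tool pointed at it is
# the classic "am I admin?" probe in batch files.
ADMIN_PROBE = re.compile(r"\\system32\\config\\system\b", re.IGNORECASE)
ACL_TOOLS = {"cacls.exe", "icacls.exe"}
# A script host executing a script that lives under a Temp directory.
TEMP_SCRIPT = re.compile(
    r"([A-Za-z]:\\[^\s\"]*\\(?:Temp|tmp)\\[^\s\"]*\.(?:vbs|vbe|js|jse|wsf))\b",
    re.IGNORECASE)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def find_elevation_chains(events):
    """Return one finding per cmd.exe parent whose children match the pattern.

    severity "high":   SYSTEM-hive ACL probe AND a Temp script host under the same
                       cmd.exe (the self-elevation idiom).
    severity "medium": Temp script host alone.
    """
    by_pid = {e["pid"]: e for e in events}
    by_parent = defaultdict(list)
    for e in events:
        by_parent[e["ppid"]].append(e)

    findings = []
    for ppid, children in by_parent.items():
        parent = by_pid.get(ppid)
        if parent is None or _basename(parent["image"]) != "cmd.exe":
            continue
        probes, scripts = [], []
        for child in children:
            name = _basename(child["image"])
            if name in ACL_TOOLS and ADMIN_PROBE.search(child["cmdline"]):
                probes.append(child)
            elif name in SCRIPT_HOSTS:
                m = TEMP_SCRIPT.search(child["cmdline"])
                if m:
                    scripts.append((child, m.group(1)))
        if not scripts:
            continue
        findings.append({
            "severity": "high" if probes else "medium",
            "parent_pid": ppid,
            "parent_cmdline": parent["cmdline"],
            "probe_pid": probes[0]["pid"] if probes else None,
            "script_pid": scripts[0][0]["pid"],
            "script_path": scripts[0][1],
        })
    return findings


if __name__ == "__main__":
    for f in find_elevation_chains(SAMPLE_EVENTS):
        print(f"[{f['severity']}] cmd.exe {f['parent_pid']} -> "
              f"probe={f['probe_pid']} script={f['script_pid']} ({f['script_path']})")
```

Against the constructed events this yields one "high" finding for PID 2540 (probe 1716, script 2796) and one "medium" for the Temp-only script host; the cacls-on-a-tool-folder case does not fire. The probe alone is deliberately not alerted on, since plenty of legitimate installers use the same admin check.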
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
112B
-
MD5
9313d55e26ad30ddcbc046fe8013a21d
-
SHA1
a5712ce8864d7b0ca88b94c64226dfeb2221457f
-
SHA256
121ab5b57fb09d3c520a7fd6dfaa5b87844e1e8379a9635e7a737934e7e9226a
-
SHA512
77b7f3c2aca2ba61519a9fed7dbb3e7f2dd803bd566eeb9531e1ed038dff68e88c4d2f73a83e37396fd475f57dbdef55966361176dde70d1343747aca5888ba7