Analysis
max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags
arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
submitted
06-08-2024 19:33
Static task
static1
Behavioral task
behavioral1
Sample
Defeat-Defender-V1.2.0-main/Defeat-Defender.bat
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
Defeat-Defender-V1.2.0-main/Defeat-Defender.bat
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Defeat-Defender-V1.2.0-main/Enable Smart Screen.bat
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
Defeat-Defender-V1.2.0-main/Enable Smart Screen.bat
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
Defeat-Defender-V1.2.0-main/run.bat
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
Defeat-Defender-V1.2.0-main/run.bat
Resource
win10v2004-20240802-en
General
Target
Defeat-Defender-V1.2.0-main/Enable Smart Screen.bat
Size
955B
MD5
4a440eb3aa3b80dc5d30879671e8fa53
SHA1
030c2e1fd7e2ed6a0a1281bf93760a6440b184e8
SHA256
b5cec5db1b84f2e62c7cec4a22f09566852b4b9cab33c8df9ef4f5577113df3f
SHA512
496c700c5b16fc6d85ad70cba3d31fc13b90bf62941900060f2630193ff988cce2a43132c6a15807b7dc7df300a96e5c537995edb74594b03b160b4911ca6d12
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
cmd.exe
description | pid | process | target process
PID 2572 wrote to memory of 2096 | 2572 | cmd.exe | cacls.exe
PID 2572 wrote to memory of 2096 | 2572 | cmd.exe | cacls.exe
PID 2572 wrote to memory of 2096 | 2572 | cmd.exe | cacls.exe