Analysis
max time kernel: 94s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-08-2024 19:33
Static task: static1
Behavioral task | Sample | Resource
behavioral1 | Defeat-Defender-V1.2.0-main/Defeat-Defender.bat | win7-20240729-en
behavioral2 | Defeat-Defender-V1.2.0-main/Defeat-Defender.bat | win10v2004-20240802-en
behavioral3 | Defeat-Defender-V1.2.0-main/Enable Smart Screen.bat | win7-20240704-en
behavioral4 | Defeat-Defender-V1.2.0-main/Enable Smart Screen.bat | win10v2004-20240802-en
behavioral5 | Defeat-Defender-V1.2.0-main/run.bat | win7-20240729-en
behavioral6 | Defeat-Defender-V1.2.0-main/run.bat | win10v2004-20240802-en
General
Target: Defeat-Defender-V1.2.0-main/Enable Smart Screen.bat
Size: 955B
MD5: 4a440eb3aa3b80dc5d30879671e8fa53
SHA1: 030c2e1fd7e2ed6a0a1281bf93760a6440b184e8
SHA256: b5cec5db1b84f2e62c7cec4a22f09566852b4b9cab33c8df9ef4f5577113df3f
SHA512: 496c700c5b16fc6d85ad70cba3d31fc13b90bf62941900060f2630193ff988cce2a43132c6a15807b7dc7df300a96e5c537995edb74594b03b160b4911ca6d12
Malware Config
Signatures
Suspicious use of WriteProcessMemory (2 IoCs)
Processes: cmd.exe
description | pid | process | target process
PID 3104 wrote to memory of 4360 | 3104 | cmd.exe | cacls.exe
PID 3104 wrote to memory of 4360 | 3104 | cmd.exe | cacls.exe
Processes
C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Defeat-Defender-V1.2.0-main\Enable Smart Screen.bat"
  - Suspicious use of WriteProcessMemory
  PID: 3104
  C:\Windows\system32\cacls.exe
    "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
    PID: 4360