Analysis

  • max time kernel
    91s
  • max time network
    202s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    07/08/2024, 16:11

General

  • Target

    sus/run.bat

  • Size

    9KB

  • MD5

    6050e9c5b35aeb80528e17b416de8aff

  • SHA1

    0f5b3fca2bb24432fe83f6907e066b2d96997810

  • SHA256

    55fbf0640d3cdc7be69c886a67052bb740a746742637990f9f289fec817963db

  • SHA512

    b35b3f3a82fa15e74093d157525e1fa0a3f2300adf1393016e38c62e3b35f46a94919839f29c6a6f01a1f55afe0e40627fcdc4fa9dcd4e434df86274d0c432bd

  • SSDEEP

    96:cT8T9OB3dwnXnLcisH0EB+yddAAalXlH45WdLBkqCviv:cw2Wn3wibEw0ilXlSuVkDE

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory (10 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\sus\run.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4384
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ver
      2⤵
      PID:3660
    • C:\Windows\System32\reg.exe
      reg query "HKCU\Console" /v ForceV2
      2⤵
      PID:1176
    • C:\Windows\System32\find.exe
      find /i "0x0"
      2⤵
      PID:4784
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo "C:\Users\Admin\AppData\Local\Temp\sus\run.bat" "
      2⤵
      PID:2248
    • C:\Windows\System32\find.exe
      find /i "C:\Users\Admin\AppData\Local\Temp"
      2⤵
      PID:4596
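As an added triage aid (this is example code, not part of the sandbox report and not the sandbox's own signature logic), the following Python rebuilds the process tree above from the six command lines shown, pairs each producer child with the `find.exe` spawned right after it (a heuristic for cmd pipelines, since `cmd.exe` launches both ends of a `|` as sibling children), and labels the environment checks the batch file performs: the `ver` call, the `HKCU\Console` `ForceV2` query, and the test of whether the script path contains the Temp directory. The parent PIDs are taken from the page's depth markers (every child sits under PID 4384); the label names and the pipeline-pairing rule are this example's own assumptions, and the report does not show the batch file's source.

```python
"""Rebuild a sandbox process tree and flag the environment checks a batch
script performs. Sample data is constructed from the report page above."""
import re
from collections import defaultdict

# Constructed sample: (pid, parent_pid, command line) for the six command
# lines on the page. Parent PIDs are assumed from the page's depth markers.
PROCESSES = [
    (4384, 0, r'C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\sus\run.bat"'),
    (3660, 4384, r'C:\Windows\system32\cmd.exe /c ver'),
    (1176, 4384, r'reg query "HKCU\Console" /v ForceV2'),
    (4784, 4384, r'find /i "0x0"'),
    (2248, 4384, r'C:\Windows\system32\cmd.exe /S /D /c" echo "C:\Users\Admin\AppData\Local\Temp\sus\run.bat" "'),
    (4596, 4384, r'find /i "C:\Users\Admin\AppData\Local\Temp"'),
]

# Heuristic labels. These names are this example's own, not the sandbox's.
RULES = [
    ("os_version_probe", re.compile(r'\bcmd(?:\.exe)?\b.*\s/c\s+ver\s*$', re.I)),
    ("console_forcev2_query", re.compile(r'\breg(?:\.exe)?\s+query\s+"?HKCU\\Console"?\s+/v\s+ForceV2\b', re.I)),
    ("self_path_echo", re.compile(r'\becho\s+"[^"]+\.bat"', re.I)),
    ("temp_dir_match", re.compile(r'\bfind(?:\.exe)?\s+/i\s+"[^"]*\\AppData\\Local\\Temp"', re.I)),
    ("find_filter", re.compile(r'^\s*find(?:\.exe)?\s+/i\s+"', re.I)),
]


def classify(cmdline):
    """Return every rule label whose pattern matches the command line."""
    return [name for name, rx in RULES if rx.search(cmdline)]


def build_tree(processes):
    """Map parent PID -> child PIDs, preserving the report's spawn order."""
    children = defaultdict(list)
    for pid, ppid, _ in processes:
        children[ppid].append(pid)
    return children


def subtree(children, root):
    """All PIDs under (and including) root."""
    out, stack = [], [root]
    while stack:
        pid = stack.pop()
        out.append(pid)
        stack.extend(children.get(pid, []))
    return out


def pair_pipelines(processes, parent_pid):
    """Heuristic: a non-find child immediately followed by a `find /i` child
    is treated as the two ends of one `producer | find` pipeline."""
    kids = [(pid, cmd) for pid, ppid, cmd in processes if ppid == parent_pid]
    pipes = []
    for (pid, cmd), (npid, ncmd) in zip(kids, kids[1:]):
        if "find_filter" in classify(ncmd) and "find_filter" not in classify(cmd):
            pipes.append((pid, npid))
    return pipes


def summarize(processes, root_pid):
    """Labels seen anywhere under root_pid plus the inferred pipelines."""
    cmd_by_pid = {pid: cmd for pid, _, cmd in processes}
    labels = set()
    for pid in subtree(build_tree(processes), root_pid):
        labels.update(classify(cmd_by_pid[pid]))
    return {"labels": sorted(labels), "pipelines": pair_pipelines(processes, root_pid)}


if __name__ == "__main__":
    for pid, ppid, cmd in PROCESSES:
        print(f"{pid:>5} (parent {ppid:>4}) {classify(cmd) or '-'}  {cmd}")
    print(summarize(PROCESSES, 4384))
```

The three checks this surfaces are the whole observable behaviour of the sample during the run: a `ver` call, a `reg query` on `HKCU\Console\ForceV2` filtered for `0x0` (a query batch scripts typically use to tell whether the legacy console is in effect), and an `echo "%~f0"`-style self-path test filtered against the Temp directory. A script-location check can be a sandbox or staging-directory test, but all three also appear in benign console-setup scripts, which is consistent with the 1/10 score; treat them as context for a manual read of the batch file rather than as a verdict.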

            Network

            MITRE ATT&CK Matrix
