Analysis

  • max time kernel
    139s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    10-08-2024 02:04

General

  • Target

    Death.bat

  • Size

    7KB

  • MD5

    6883c65b120747e92937e3bf894db70b

  • SHA1

    60cc04d3f9caa60e2f640501d7db5ad014659222

  • SHA256

    76b25092135d543b4e171ff7cb68bb1012971742edfd8076406e5222c2ddd312

  • SHA512

    83fd357416509b6d21b014cce4b793e9bb720cddf57c8536fe311ec17e3c30c2343f92881dd572959f642cfa25f811bf3c7c894c95d5da35195bf333ef02885f

  • SSDEEP

    96:tqs6vYfENsqXYfEeoenBHqqMeqysRP1HBHqqMeqysRP13oeS:tf6vYfEeqXYfEevnBHfw1HBHfw13vS

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Death.bat"
    1⤵
    • Enumerates connected drives
    • Suspicious use of WriteProcessMemory
    PID:3784
    • C:\Windows\system32\reg.exe
      reg delete HKCR/*
      2⤵
        PID:5076
      • C:\Windows\system32\reg.exe
        reg delete HKCR/.dll
        2⤵
          PID:4820
        • C:\Windows\system32\reg.exe
          reg delete HKCR/.exe @echo off
          2⤵
            PID:4580

        Network

        MITRE ATT&CK Enterprise v15
