Overview

overview

10

Static

static

10

Inspected+X+l1nez.zip

windows11-21h2-x64

8

Inspected ...IT.exe

windows11-21h2-x64

4

Inspected ...ld.bat

windows11-21h2-x64

1

Inspected ...ain.py

windows11-21h2-x64

3

Inspected ...10.pyc

windows11-21h2-x64

3

Inspected ...10.pyc

windows11-21h2-x64

3

Inspected ...10.pyc

windows11-21h2-x64

3

Inspected ...10.pyc

windows11-21h2-x64

3

Inspected ...10.pyc

windows11-21h2-x64

3

Inspected ...ild.py

windows11-21h2-x64

3

Inspected ...fig.py

windows11-21h2-x64

3

Inspected ...env.py

windows11-21h2-x64

3

Inspected ...ate.py

windows11-21h2-x64

3

Inspected ...fig.py

windows11-21h2-x64

3

Inspected ...on.bat

windows11-21h2-x64

8

Inspected ...bug.py

windows11-21h2-x64

3

Inspected ...ers.py

windows11-21h2-x64

3

Inspected ...ken.py

windows11-21h2-x64

3

Inspected ...ion.py

windows11-21h2-x64

3

Inspected ...tup.py

windows11-21h2-x64

3

Inspected ...nfo.py

windows11-21h2-x64

3

Inspected ...fig.py

windows11-21h2-x64

3

Inspected ...ain.py

windows11-21h2-x64

3

Analysis

  • max time kernel
    435s
  • max time network
    490s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14-08-2024 20:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Inspected X l1nez/build.bat

  • Size

    660B

  • MD5

    a1bb959efd31c4c1d4ce68e1d28dd965

  • SHA1

    374aa46c384805d5713a52a07332f839fd88d3da

  • SHA256

    157c8e2e156c5073ed6250c5c59a528615356d997bd5e9fc03ee3fb48bf46926

  • SHA512

    ca20cde34f008850430f48e7b627c7ed3834467975bf6855ba4db2c1b73de7b19066c09475c8d0b88aaeefb057ccd71e54a680d8b034107cd7ab1b9b299b28a3

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Inspected X l1nez\build.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4928
    • C:\Windows\system32\mode.com
      mode con: cols=100 lines=30
      2⤵
        PID:800
      • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
        python --version
        2⤵
          PID:1264
        • C:\Windows\system32\findstr.exe
          findstr " 3.11"
          2⤵
            PID:2272

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads