Overview

overview

1

Static

static

1

New Text Document.bat

windows10-1703-x64

1

New Text Document.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    442s
  • max time network
    2320s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    17/08/2024, 09:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    New Text Document.bat

  • Size

    1KB

  • MD5

    1e9247dd61a64fa160ebcfc4b4c8fc65

  • SHA1

    cf57bf34660a090db0fa52d2074d4e3766104bcf

  • SHA256

    84d33c7a884a5e1be67cecbe9e1f37d1da844276d3dc8bb87cf86ba3f7f2cf46

  • SHA512

    7f48f1687f82d2ee3b4a2a5231efebb4fee241011265492baad01318249f27bf6b04a6c7cde0bc2ee8b6223335f7e74388d0f3b05ccc75fa13e79cd0fc1adaab

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\New Text Document.bat"
    1⤵
      PID:4920
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:376
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\New Text Document.bat" "
        1⤵
          PID:616
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\New Text Document.bat" "
          1⤵
            PID:3600
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\New Text Document.bat" C:\Users\Admin\Desktop\dang.bat"
            1⤵
              PID:3080
            • C:\Windows\System32\NOTEPAD.EXE
              "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.bat
              1⤵
                PID:3856
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\New Text Document.bat" C:\Users\Admin\Desktop\dang.bat"
                1⤵
                  PID:2308
                • C:\Windows\System32\NOTEPAD.EXE
                  "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\dang.bat
                  1⤵
                  • Opens file in notepad (likely ransom note)
                  PID:4544
                • C:\Windows\system32\cmd.exe
                  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\New Text Document.bat" C:\Users\Admin\Desktop\dang.bat"
                  1⤵
                    PID:4656

                  Network

                  MITRE ATT&CK Matrix

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\Desktop\New Text Document.bat
                    Filesize

                    1KB

                    MD5

                    19ed20fdd16bc01f457e40092a4b8606

                    SHA1

                    3dd362e5fb7b86b49a34d855df22d9783073f3e6

                    SHA256

                    13e753d456d77de58a12b37bb1ce4d1e45d1eb5cc54e5288e47928638c1a8de1

                    SHA512

                    50e8d9448b52d7f3c3bf6299b001b0cd077e9f01e42364711c10bcedb712e07df742e10994feb55ed0485043c8654fae2cf4b99b38f5302e195cb8ce6267c45c

                    Download Submit