86e34336eef81f64ddabb23a6bd39c6468a2786afe79f55c4a544179818d95df | Triage

Analysis

max time kernel
103s
max time network
81s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
23/08/2024, 17:30

Sharing

Report Analysis Logs

General

Target

Spotify-Checker-main/start.bat
Size

26B
MD5

e5e1727ee0e1ac1a633f9c1f25f299ce
SHA1

e41605368fac2adf19a89ac5632463191e78e0f6
SHA256

ac65b2ad2edf89b12309d421cd23a3042151c691f5269c69a5f0636688c4e202
SHA512

5c44a3c360a62309b0ffcf1691321c710d4445659c226ba4e2233cb17393db99d42695512196d137e6a04f227ef10dcf1f75017e7752ffc52b769950507914cc

Score

1^/10

Malware Config

Signatures

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5116	OpenWith.exe

Suspicious use of SetWindowsHookEx 29 IoCs

pid	Process
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe
5116	OpenWith.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 5116 wrote to memory of 1040	5116	OpenWith.exe	81
PID 5116 wrote to memory of 1040	5116	OpenWith.exe	81

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Spotify-Checker-main\start.bat"
1⤵
PID:204

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\GroupLimit.cmd" "
1⤵
PID:2220

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3bc
1⤵
PID:3548

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5116
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\3t╟+
  2⤵
  PID:1040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads