2c112340536eb7384f85c0ec61003821b1b162db4702844f2318dfdd47d841e1 | Triage

Sharing

General

Target

test.bat
Size

1KB
Sample

240825-3phjestekn
MD5

9b47e17658a247fe0a23c3fa051d110e
SHA1

4016c00170eaccc3daa26043907b19fb690c2671
SHA256

2c112340536eb7384f85c0ec61003821b1b162db4702844f2318dfdd47d841e1
SHA512

a9c7ca2bc4074842406cb27e08007e9d919105d099aeb75084a00cce0b470e81e3a1061a2a7504c0065bfb378192d5d269e98421281f8c0887c201ff759d5f9b

Score

8^/10

execution pyinstaller

Malware Config

Targets

- Target
  
  test.bat
- Size
  
  1KB
- MD5
  
  9b47e17658a247fe0a23c3fa051d110e
- SHA1
  
  4016c00170eaccc3daa26043907b19fb690c2671
- SHA256
  
  2c112340536eb7384f85c0ec61003821b1b162db4702844f2318dfdd47d841e1
- SHA512
  
  a9c7ca2bc4074842406cb27e08007e9d919105d099aeb75084a00cce0b470e81e3a1061a2a7504c0065bfb378192d5d269e98421281f8c0887c201ff759d5f9b
Score

8^/10

execution pyinstaller
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Downloads MZ/PE file
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

executionpyinstaller