Analysis

  • max time kernel
    117s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-09-2024 17:30

General

  • Target

    windick-main/windick.cmd

  • Size

    227KB

  • MD5

    b3922bb24876619dab9840a7cfaf7905

  • SHA1

    161b62032137d2ba93a32886ed8a458e6ad3e3cc

  • SHA256

    75c811c65fb3d5fed307bfffe96d75aea2e7e3d5aeb14dd3bd641bdb54bc28e3

  • SHA512

    a04cca4750a2a2877923920b1b1afad02d1c4b2f88c80895f5d51d752ae6c8859d77bf30faa8e59dbaf5e8e54d42c9660bb9ff5d25e403d237615485ac485a68

  • SSDEEP

    6144:vA5awmfnemRidZGi8TrKn+l3jzzDEyxbgQHrgDQjmYo+6xv94FQzAa:EawmfnemRidZGi8TrKnYzDE6gQHrgDQg

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\windick-main\windick.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2152
    • C:\Windows\system32\chcp.com
      CHCP 437
      2⤵
      PID:2676
    • C:\Windows\system32\reg.exe
      Reg.exe query "HKU\S-1-5-19\Environment"
      2⤵
      PID:2668
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ECHO.C:\Users\Admin\AppData\Local\Temp\windick-main
      2⤵
      PID:2648
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c CMD.EXE /D /U /C ECHO.C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\WINDICK-MAIN| FIND /V ""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2748
      • C:\Windows\system32\cmd.exe
        CMD.EXE /D /U /C ECHO.C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\WINDICK-MAIN
        3⤵
        PID:2744
      • C:\Windows\system32\find.exe
        FIND /V ""
        3⤵
        PID:2756
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" /v LastLoggedOnUser 2>NUL
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2820
      • C:\Windows\system32\reg.exe
        REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" /v LastLoggedOnUser
        3⤵
        PID:2780
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" /v LastLoggedOnUserSID 2>NUL
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2740
      • C:\Windows\system32\reg.exe
        REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" /v LastLoggedOnUserSID
        3⤵
        PID:2696

Network

MITRE ATT&CK Matrix
