Overview

overview

9

Static

static

1

Eerie Cleaner V2.bat

windows7-x64

3

Eerie Cleaner V2.bat

windows10-2004-x64

9

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    02/09/2024, 16:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Eerie Cleaner V2.bat

  • Size

    4KB

  • MD5

    37ef21adf06934e902670dc77b93f91e

  • SHA1

    e311a65512c8ded721846b07769800f36efe3e62

  • SHA256

    f5ae13049ff90ed8b313c9c217522959ba9b5cd6cc651de196d58decc4aa60bd

  • SHA512

    4b4814a4385c908976cc8f9b47223eeb651cff834024428b58602f34980b8c0c328e84dae2353f7abeb6e88f8575f8a1282726af3683eb2c6c228d4fad3e8775

  • SSDEEP

    48:9dF/xamIWmN9m5lgFLtl+SSISno1hawpMv4R4MCG7nyb4tF5+gwkTp0Ro:9FIWmrClgFLP+SSISnkhaq+tA+QTpz

Score
3/10
discovery

Malware Config

Signatures

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 21 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Runs ping.exe 1 TTPs 21 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Eerie Cleaner V2.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Windows\system32\mode.com
      mode 80, 28
      2⤵
        PID:2540
      • C:\Windows\system32\chcp.com
        chcp 65001
        2⤵
          PID:2688
        • C:\Windows\system32\PING.EXE
          ping localhost -n 2
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2096
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2464
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:3048
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2220
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2712
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2848
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2864
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2916
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2612
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2720
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2888
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2800
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2856
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2648
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2512
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:1340
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:1688
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2016
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:1540
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:1732
        • C:\Windows\system32\PING.EXE
          ping localhost -n 1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:1152
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /S /D /c" echo"
          2⤵
            PID:2364
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /S /D /c" set /p=". Select an option: ""
            2⤵
              PID:1052
            • C:\Windows\system32\choice.exe
              choice /c 123456789AB
              2⤵
                PID:1720

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads