9235d2676794ff9cc054258ec08e894647ed0112a94f078c9b901d8f1aa049ce

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Files/InfoFinder.bat
Size

1KB
MD5

a00d0a78ea0ce615829c0308a44c010a
SHA1

9892bb77869aacdab7bbbdb6c7d910b310228872
SHA256

3542c65e592024bccd7cd196bf4ba7127aff636a15c530911e7af2d0712ea4ba
SHA512

39a7bb4adc0f3ad4321ded6c2b8c9f073d298e78a6a528a84936898c2694a21eb5f96c00cab88941647f70c7d855cd25fabc6b0f012756f9d87a797d98613d11

Score

1^/10

Malware Config

Signatures

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2684	ipconfig.exe

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
2100	systeminfo.exe

Runs net.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2684	2504	cmd.exe	31
PID 2504 wrote to memory of 2684	2504	cmd.exe	31
PID 2504 wrote to memory of 2684	2504	cmd.exe	31
PID 2504 wrote to memory of 2688	2504	cmd.exe	32
PID 2504 wrote to memory of 2688	2504	cmd.exe	32
PID 2504 wrote to memory of 2688	2504	cmd.exe	32
PID 2688 wrote to memory of 2404	2688	net.exe	33
PID 2688 wrote to memory of 2404	2688	net.exe	33
PID 2688 wrote to memory of 2404	2688	net.exe	33
PID 2504 wrote to memory of 2100	2504	cmd.exe	34
PID 2504 wrote to memory of 2100	2504	cmd.exe	34
PID 2504 wrote to memory of 2100	2504	cmd.exe	34

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Files\InfoFinder.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:2684
- C:\Windows\system32\net.exe
  net user
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 user
    3⤵
    PID:2404
- C:\Windows\system32\systeminfo.exe
  systeminfo
  2⤵
  - Gathers system information
  PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Files\GrabbedInfo\Admin's Info.txt

Filesize
6KB

MD5
f2976d4f904772f40eec4f244dae5d85

SHA1
2bf27cde8e979e1312f9650f8a9a9f03503c94ab

SHA256
4be2745fdbc375b60de391690ff3bab23ca4d2fee6c9900f5769230c100f8c53

SHA512
e0caafe0857276f44631e80f58fead28b0c664dfe80106d932d85dd12bad927f75d522e801ef25c192093734b286cc87daec3085a8af444ffc1478d8aa1b899c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads