Analysis

  • max time kernel
    94s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    13-09-2024 20:47

General

  • Target

    Wa0Desktop/stop.bat

  • Size

    41B

  • MD5

    4302de2a361e9dff1df9c11f2af9479f

  • SHA1

    1c6734e09404bb86a306c1ed6413026ddc885549

  • SHA256

    e465002e66bdd4d8673dd1730a7161e546c35acffb6836e4fb3f8ed567396edc

  • SHA512

    230f85beaf56bbf507c79af0be1be30232734f73176ab46c6e47bc9e9811e89d40edd7b30d34f13d86b31484f1f7d46c8aaae463197a66eae6451807aaa0ae27

Score
1/10

Malware Config

Signatures

  • Kills process with taskkill 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Wa0Desktop\stop.bat"
    • Suspicious use of WriteProcessMemory
    PID:1608
    • C:\Windows\system32\taskkill.exe
      taskkill /im Wa0Desktop.exe /f
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:800

Network

MITRE ATT&CK Matrix
