Overview

overview

8

Static

static

5

zapret-winws/1.cmd

windows7-x64

5

zapret-winws/1.cmd

windows10-2004-x64

5

zapret-winws/2.cmd

windows7-x64

5

zapret-winws/2.cmd

windows10-2004-x64

5

zapret-win...rt.dll

windows7-x64

1

zapret-win...rt.dll

windows10-2004-x64

1

zapret-win...64.sys

windows10-2004-x64

1

zapret-winws/all.cmd

windows7-x64

5

zapret-winws/all.cmd

windows10-2004-x64

5

zapret-win...n1.dll

windows7-x64

5

zapret-win...n1.dll

windows10-2004-x64

5

zapret-win...or.vbs

windows7-x64

1

zapret-win...or.vbs

windows10-2004-x64

1

zapret-win...st.cmd

windows7-x64

5

zapret-win...st.cmd

windows10-2004-x64

5

zapret-win...te.cmd

windows7-x64

8

zapret-win...te.cmd

windows10-2004-x64

8

zapret-win...el.cmd

windows7-x64

8

zapret-win...el.cmd

windows10-2004-x64

8

zapret-win...rt.cmd

windows7-x64

4

zapret-win...rt.cmd

windows10-2004-x64

4

zapret-win...op.cmd

windows7-x64

1

zapret-win...op.cmd

windows10-2004-x64

1

zapret-win...te.cmd

windows7-x64

1

zapret-win...te.cmd

windows10-2004-x64

1

zapret-win...ve.cmd

windows7-x64

1

zapret-win...ve.cmd

windows10-2004-x64

1

zapret-win...rt.cmd

windows7-x64

1

zapret-win...rt.cmd

windows10-2004-x64

1

zapret-win...op.cmd

windows7-x64

1

zapret-win...op.cmd

windows10-2004-x64

1

zapret-win...ws.exe

windows7-x64

5

Analysis

  • max time kernel
    93s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-10-2024 15:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    zapret-winws/service_start.cmd

  • Size

    38B

  • MD5

    d1c3c45da175b318fe11bdd65ec96913

  • SHA1

    00da2e971dd2cc034b56355e5e0c6d210044bb44

  • SHA256

    f396eb4c1c1c2801f294bdfd4e19c89d6b7ed7b0c5512aebd89d965a3fe46c8a

  • SHA512

    96cfc9839bb5d1a4b7939556e8a9cee1f1ad9b39413d8f7ee88e0c36fa1de8ac4e74d25bb60bb079254ef5802e8ffa34f5a49463f68da19d692f52e8d511b799

Score
4/10

Malware Config

Signatures

  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\zapret-winws\service_start.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3476
    • C:\Windows\system32\sc.exe
      sc start winws1
      2⤵
      • Launches sc.exe
      PID:3988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads