Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/10/2024, 15:05 UTC

General

  • Target

    zapret-winws/task_remove.cmd

  • Size

    124B

  • MD5

    23c2e95aac5e3bc4390327a97af1afc4

  • SHA1

    e37dfa4a0c7ae50db2f787f38fa45384d388a028

  • SHA256

    26ccde6d01eb826f4cc5371925ecf771698f015ac9e905c4659acaff6fde6928

  • SHA512

    93e56f786421724c229bde84b3b46a059d06a99d934ea4250167c0d7cc2a0c9d0e0422cd7fd39131eb17a2229bd3becea88379756d4752a4931e5c671779753e

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory (6 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times. In this sample schtasks.exe is invoked only to stop (/End) and then delete (/Delete /F) the existing task named winws1; no task is created, which is consistent with the 1/10 score and the file name task_remove.cmd.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\zapret-winws\task_remove.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:304
    • C:\Windows\system32\schtasks.exe
      schtasks /End /TN winws1
      2⤵
      PID:2456
    • C:\Windows\system32\schtasks.exe
      schtasks /Delete /TN winws1 /F
      2⤵
      PID:2416
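A hunt-side check that reproduces what the process tree above shows, written here as an added example; it is not taken from the sandbox report or from the zapret project. It parses constructed process-creation events in a simplified pid|ppid|image|command line form shaped after the three processes in the report, extracts the schtasks verb and the /TN task name, records whether /F was passed and which parent launched the call, and separates the End-then-Delete uninstall pattern seen here from a lone /Delete or a /Create. The event format and the parent PID of cmd.exe (1000) are assumptions; the three command lines and PIDs 304, 2456 and 2416 are the report's.

```python
import re
from dataclasses import dataclass

# Constructed process-creation events (pid|ppid|image|command line), shaped after the
# report's process tree. The PPID of cmd.exe (1000) is an assumption; the report does
# not list it. This is not a real Sysmon or 4688 export format.
SAMPLE_EVENTS = """\
304|1000|C:\\Windows\\system32\\cmd.exe|cmd /c "C:\\Users\\Admin\\AppData\\Local\\Temp\\zapret-winws\\task_remove.cmd"
2456|304|C:\\Windows\\system32\\schtasks.exe|schtasks /End /TN winws1
2416|304|C:\\Windows\\system32\\schtasks.exe|schtasks /Delete /TN winws1 /F
"""

# schtasks verbs that stop, alter or remove an existing task, and the one that
# creates one (the persistence case, ATT&CK T1053.005).
TAMPER_VERBS = {"/end", "/delete", "/change"}
CREATE_VERBS = {"/create"}


@dataclass
class Event:
    pid: int
    ppid: int
    image: str
    cmdline: str


@dataclass
class Finding:
    pid: int
    ppid: int
    parent_image: str  # image of the launching process, "" if not in the data
    verb: str          # normalised schtasks verb, e.g. "/delete"
    task: str          # value following /TN, "" if absent
    forced: bool       # /F present (no confirmation prompt)


def parse_events(text):
    """Parse pid|ppid|image|cmdline lines; blank lines are ignored."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, ppid, image, cmdline = line.split("|", 3)
        events.append(Event(int(pid), int(ppid), image, cmdline))
    return events


def _tokens(cmdline):
    # Keep double-quoted arguments together so task names with spaces survive.
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def find_schtasks_activity(events):
    """Return one Finding per schtasks.exe invocation that uses a verb of interest."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for ev in events:
        if not ev.image.lower().endswith("\\schtasks.exe"):
            continue
        args = _tokens(ev.cmdline)
        lowered = [a.lower() for a in args]
        verb = next((a for a in lowered if a in TAMPER_VERBS | CREATE_VERBS), None)
        if verb is None:
            continue
        task = ""
        if "/tn" in lowered:
            i = lowered.index("/tn")
            if i + 1 < len(args):
                task = args[i + 1]
        parent = by_pid.get(ev.ppid)
        findings.append(Finding(ev.pid, ev.ppid, parent.image if parent else "",
                                verb, task, "/f" in lowered))
    return findings


def summarize_by_task(findings):
    """Map task name -> ordered list of verbs applied to it."""
    summary = {}
    for f in findings:
        summary.setdefault(f.task, []).append(f.verb)
    return summary


def is_uninstall_sequence(verbs):
    """End followed by Delete on the same task is the pattern of an uninstall
    helper such as this sample; a lone /Delete or any /Create is not."""
    return verbs == ["/end", "/delete"]


if __name__ == "__main__":
    found = find_schtasks_activity(parse_events(SAMPLE_EVENTS))
    for f in found:
        print(f"pid={f.pid} parent={f.parent_image} ({f.ppid}) "
              f"{f.verb} task={f.task!r} forced={f.forced}")
    for task, verbs in summarize_by_task(found).items():
        kind = "uninstall (End then Delete)" if is_uninstall_sequence(verbs) else "task tampering/creation"
        print(f"{task}: {verbs} -> {kind}")
```

Run against the constructed events, both schtasks children resolve to parent cmd.exe (PID 304) and task winws1, with /F only on the delete, which is exactly what the report's tree shows. Use the parent image and the launching script path together when triaging: a scheduled task being ended and force-deleted from a batch file under %TEMP% reads as an uninstall helper when the task name is the product's own, and as persistence clean-up by something else when it is not.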

Network

MITRE ATT&CK Enterprise v15
