Overview

overview

8

Static

static

5

zapret-winws/1.cmd

windows7-x64

5

zapret-winws/1.cmd

windows10-2004-x64

5

zapret-winws/2.cmd

windows7-x64

5

zapret-winws/2.cmd

windows10-2004-x64

5

zapret-win...rt.dll

windows7-x64

1

zapret-win...rt.dll

windows10-2004-x64

1

zapret-win...64.sys

windows10-2004-x64

1

zapret-winws/all.cmd

windows7-x64

5

zapret-winws/all.cmd

windows10-2004-x64

5

zapret-win...n1.dll

windows7-x64

5

zapret-win...n1.dll

windows10-2004-x64

5

zapret-win...or.vbs

windows7-x64

1

zapret-win...or.vbs

windows10-2004-x64

1

zapret-win...st.cmd

windows7-x64

5

zapret-win...st.cmd

windows10-2004-x64

5

zapret-win...te.cmd

windows7-x64

8

zapret-win...te.cmd

windows10-2004-x64

8

zapret-win...el.cmd

windows7-x64

8

zapret-win...el.cmd

windows10-2004-x64

8

zapret-win...rt.cmd

windows7-x64

4

zapret-win...rt.cmd

windows10-2004-x64

4

zapret-win...op.cmd

windows7-x64

1

zapret-win...op.cmd

windows10-2004-x64

1

zapret-win...te.cmd

windows7-x64

1

zapret-win...te.cmd

windows10-2004-x64

1

zapret-win...ve.cmd

windows7-x64

1

zapret-win...ve.cmd

windows10-2004-x64

1

zapret-win...rt.cmd

windows7-x64

1

zapret-win...rt.cmd

windows10-2004-x64

1

zapret-win...op.cmd

windows7-x64

1

zapret-win...op.cmd

windows10-2004-x64

1

zapret-win...ws.exe

windows7-x64

5

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09-10-2024 15:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    zapret-winws/task_start.cmd

  • Size

    56B

  • MD5

    bd5e60dc6bcbbf7172bfae77eba9c79c

  • SHA1

    7c675e520ef04653a1890a8074b1b19745d44757

  • SHA256

    62191a8a552eafdaab7aeecc7bb4d6a39edd311ac3d1de513414980c5cc7619a

  • SHA512

    15fa1c284c9d1c87b61b2aaa2149a7e1ee314b5512a319ce3e605054ca36d8fbd0c57868eb5206568ecc9309229682c6ab905c9be1678d2e079a800dc0f31f33

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\zapret-winws\task_start.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Windows\system32\schtasks.exe
      schtasks /Run /TN winws1
      2⤵
        PID:2784

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads