Overview

overview

6

Static

static

3

Launcher.bat

windows10-1703-x64

6

compiler.exe

windows10-1703-x64

3

lua51.dll

windows10-1703-x64

3

Resubmissions

13/10/2024, 20:30

241013-zalezs1fmn 6

13/10/2024, 20:28

241013-y86cdaxalb 6

Analysis

  • max time kernel
    55s
  • max time network
    59s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    13/10/2024, 20:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Launcher.bat

  • Size

    5KB

  • MD5

    79e427676f790a73c7eace4401235a43

  • SHA1

    522b5b923e6711bbdeff463f95b863c724a16593

  • SHA256

    199066e589da3542f2540d91dccdb512561d2241ecc1199ca9fe4131566954f3

  • SHA512

    5e8383871e2397ee4eccf11f2494f9196655961ddb941681e8574158dcfa19d11f42ffc97f418f5129479fddb2570e7bf3347eb8aff1d8657ea6d3b61804b804

  • SSDEEP

    3:LjdIV9ZbLRJFFaR2/+ZFBW6:FIRI9FV

Score
6/10
discovery

Malware Config

Signatures

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Launcher.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1860
    • C:\Users\Admin\AppData\Local\Temp\compiler.exe
      compiler.exe conf.txt
      2⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:64
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks /create /sc daily /st 11:20 /f /tn ApplicationExperienceAnalysis_ODA3 /tr ""C:\Users\Admin\AppData\Local\ODA3\ODA3.exe" "C:\Users\Admin\AppData\Local\ODA3\conf.txt""
        3⤵
        • System Location Discovery: System Language Discovery
        • Scheduled Task/Job: Scheduled Task
        PID:3564
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks /create /sc daily /st 11:20 /f /tn Setup /tr "C:/Windows/System32/oobe/Setup.exe" /rl highest
        3⤵
        • System Location Discovery: System Language Discovery
        • Scheduled Task/Job: Scheduled Task
        PID:3080
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\DisconnectFind.mht
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4608
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4608 CREDAT:82945 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1408
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1932
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4844

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/64-0-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-10-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-63-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-15-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-62-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-85-0x0000000000710000-0x0000000000711000-memory.dmp

      Filesize

      4KB

      Download

    • memory/64-84-0x0000000000710000-0x0000000000711000-memory.dmp

      Filesize

      4KB

      Download

    • memory/64-61-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-60-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-58-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-59-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-57-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-53-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-56-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-55-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-54-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-52-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-51-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-50-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-49-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-48-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-47-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-46-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-45-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-44-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-43-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-42-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-41-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-40-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-39-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-35-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-34-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-33-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-32-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-31-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-30-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-29-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-28-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-27-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-26-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-25-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-24-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-23-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-22-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-21-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-20-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-19-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-18-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-17-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-16-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-14-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-12-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-9-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-8-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-7-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-6-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-5-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-4-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-3-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-2-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-1-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-38-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-37-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-36-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-13-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-11-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-170-0x0000000000710000-0x0000000000711000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1932-190-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-187-0x00007FFD6B1A5000-0x00007FFD6B1A6000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1932-191-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-193-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-195-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-194-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-198-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-197-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-196-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-199-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-204-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-207-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-208-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-206-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-203-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-202-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-205-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-449-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-465-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download