Overview

overview

5

Static

static

3

BadZone SC...or.exe

windows11-21h2-x64

5

BadZone SC...SL.dll

windows11-21h2-x64

1

BadZone SC...rt.bat

windows11-21h2-x64

1

BadZone SC...or.exe

windows11-21h2-x64

1

BadZone SC...SL.dll

windows11-21h2-x64

1

BadZone SC...rt.bat

windows11-21h2-x64

1

Analysis

  • max time kernel
    90s
  • max time network
    100s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241023-en
  • resource tags

    arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    26-10-2024 18:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BadZone SCP_SL/ENG/start.bat

  • Size

    62B

  • MD5

    019b6ed1cbc0b959f60079a7f37fb2dd

  • SHA1

    3ce5de167d13e8835b8a40017a80840c906fe075

  • SHA256

    b12c2d340a4df769f2e21496d29e510e662764b5c4086c4d29da436a792dd9a6

  • SHA512

    748a5d6949bb5d86099c2bc860681565e05bd7e9668d5648d0ae70b1676d80e431efd40105493db5c34d4a112cbba24af1abec46bee5456ff375f6fdf0497572

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\BadZone SCP_SL\ENG\start.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2772
    • C:\Users\Admin\AppData\Local\Temp\BadZone SCP_SL\ENG\Injector.exe
      Injector.exe LokiSCPSL.dll SCPSL.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads