Overview

overview

9

Static

static

9

tox tweaki...or.exe

windows11-21h2-x64

1

tox tweaki...or.exe

windows11-21h2-x64

1

tox tweaki...CK.exe

windows11-21h2-x64

9

tox tweaki...ew.exe

windows11-21h2-x64

6

tox tweaki...up.exe

windows11-21h2-x64

1

tox tweaki...8.appx

windows11-21h2-x64

1

Microsoft.UI.Xaml.dll

windows11-21h2-x64

1

Microsoft.UI.Xaml.dll

windows11-21h2-x64

1

tox tweaki...up.exe

windows11-21h2-x64

8

tox tweaki...LG.exe

windows11-21h2-x64

1

tox tweaki...el.exe

windows11-21h2-x64

1

tox tweaki...un.exe

windows11-21h2-x64

3

Export.bat

windows11-21h2-x64

1

Import.bat

windows11-21h2-x64

1

SCEWIN_64.exe

windows11-21h2-x64

1

amifldrv64.sys

windows11-21h2-x64

1

amigendrv64.sys

windows11-21h2-x64

1

tox tweaki...64.exe

windows11-21h2-x64

1

tox tweaki...CL.exe

windows11-21h2-x64

1

tox tweaki...64.exe

windows11-21h2-x64

7

tox tweaki...64.sys

windows11-21h2-x64

1

tox tweaki...64.sys

windows11-21h2-x64

1

tox tweaki...vc.exe

windows11-21h2-x64

1

CRU/CRU.exe

windows11-21h2-x64

3

CRU/reset-all.exe

windows11-21h2-x64

3

CRU/restart.exe

windows11-21h2-x64

5

CRU/restart64.exe

windows11-21h2-x64

5

tox tweaki...on.exe

windows11-21h2-x64

1

Export.bat

windows11-21h2-x64

3

tox tweaki...ll.exe

windows11-21h2-x64

7

tox tweaki...xp.exe

windows11-21h2-x64

8

tox tweaki...tr.exe

windows11-21h2-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    08-11-2024 14:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Export.bat

  • Size

    1KB

  • MD5

    deb75f2d9aa4afdc7ad4796778a80bb9

  • SHA1

    6df26d15bd72ba548c06b908772e836c998bf208

  • SHA256

    4b1cd4bf80557c80689d6f06b15e63a3f6a3ff66db3d8bebe237d86d82cb6e46

  • SHA512

    474e3e25c632989ff72e3822c89b9864d4172647b78d1df8d7af70f211e48308dc33065ccaf091f52f9a160f337c82c5ed791b9323e3cc81cf31d9d87c0e4ac6

Score
3/10
discovery

Malware Config

Signatures

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Export.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1292
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo AMD64 Family 6 Model 13 Stepping 2, AuthenticAMD "
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      PID:132
    • C:\Windows\system32\find.exe
      find "Intel"
      2⤵
        PID:3516

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads