Analysis

  • max time kernel
    95s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/11/2024, 13:53

General

  • Target
    StormalPingOptimizer3.bat
  • Size
    23KB
  • MD5
    3969cbc19100bf1395d260fe1b0042c2
  • SHA1
    9e861adf987e3976bd530ed0ace794505e36be46
  • SHA256
    0de38bfd80074a77b5e35dcce88f897a89a00d2c65bcbe7757eec9260e4ac218
  • SHA512
    f3ca0522c387197cfa9de3f2ce9ee5137294c2c1a7890c3fcb2593b861c0b5aaadddc769805a8a90628ffe9cb00f221c47d8a74797f51f4b73d94daa2caf07f5
  • SSDEEP
    384:POZplr56yGuQRaIMYQ8//5zYAq62N71CnzkclqBkPKqoKHKDKOK8KIK8XKBK2KHH:4GuQRaIMYQ8//5zYAq62fhbIg

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Delays execution with timeout.exe 2 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\StormalPingOptimizer3.bat"
    1⤵
    • System Network Configuration Discovery: Internet Connection Discovery
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Windows\system32\mode.com
      mode con: cols=160 lines=80
      2⤵
      PID:4432
    • C:\Windows\system32\fltMC.exe
      fltmc
      2⤵
      PID:3620
    • C:\Windows\system32\sc.exe
      sc query "WinDefend"
      2⤵
      • Launches sc.exe
      PID:1852
    • C:\Windows\system32\find.exe
      find "STATE"
      2⤵
      PID:3404
    • C:\Windows\system32\find.exe
      find "RUNNING"
      2⤵
      PID:4900
    • C:\Windows\system32\curl.exe
      curl -s -L "https://github.com/QuakedK/Downloads/raw/main/DelayDestroyerTools.zip" -o "C:\\Delay Destroyer Tools.zip"
      2⤵
      PID:3856
    • C:\Windows\system32\timeout.exe
      timeout 1
      2⤵
      • Delays execution with timeout.exe
      PID:2912
    • C:\Windows\system32\tar.exe
      tar -xf "C:\\Delay Destroyer Tools.zip" --strip-components=1
      2⤵
      PID:4420
    • C:\Windows\system32\chcp.com
      chcp 65001
      2⤵
      PID:1976
    • C:\Windows\system32\timeout.exe
      timeout 2
      2⤵
      • Delays execution with timeout.exe
      PID:3528
    • C:\Windows\system32\chcp.com
      chcp 65001
      2⤵
      PID:3196

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Delay Destroyer Tools.zip
    Filesize
    61KB
    MD5
    a37d8156540348a1066a1c92610bf064
    SHA1
    5d0c564df8ab50c3ceef30dedacc5fcdb657d8f7
    SHA256
    0afe0a002a7471f0a26ccd202010e22f6c1af7fd89814622376734143c791717
    SHA512
    97c9bd1ded1f7698fec44c4ceb2af09005061f855bb68fe5e7f789a7c89e43b4fb1651764b4f0a1633f270996132751f256c3f19269a04baefa5765f673facbb