fd7dcfa517d789c8704c08c5d1ba4f17b4847da0972c705ec164a8d01692c5ec

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pc-checker-main/start.bat
Size

664B
MD5

4eb24a33e1103e57618ff575a083918a
SHA1

369d1081dc4be591d6b3a20b87023caee94168d4
SHA256

ed7f055858501ba1154b856699bb3724b954348ecb68c227c9fe8e5723bb525b
SHA512

129afaf6cb4c29f35629df9feba28cc90e738a6a9a5fe99261c89b622bde133a57e07f5512c54f4a49d5ef19c39584d718e28214a6bcdbffd6c076e2ee34e111

Score

8^/10

dropper

Malware Config

Signatures

Download via BitsAdmin 1 TTPs 1 IoCs
dropper

BITS Jobs
T1197

Processes:

bitsadmin.exe

pid process

316 bitsadmin.exe

pid	process
316	bitsadmin.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2092 wrote to memory of 316	2092	cmd.exe	bitsadmin.exe
PID 2092 wrote to memory of 316	2092	cmd.exe	bitsadmin.exe
PID 2092 wrote to memory of 316	2092	cmd.exe	bitsadmin.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\pc-checker-main\start.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Windows\system32\bitsadmin.exe
  bitsadmin /transfer "T├⌐l├⌐chargement_NodeJS" https://nodejs.org/dist/v20.11.1/node-v20.11.1-x64.msi "C:\Users\Admin\AppData\Local\Temp\pc-checker-main\node_installer.msi"
  2⤵
  - Download via BitsAdmin
  PID:316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

BITS Jobs

T1197

Privilege Escalation

Defense Evasion

BITS Jobs

T1197

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads