Overview
overview
10Static
static
1(Full Pack....7.bat
windows7-x64
4(Full Pack....7.bat
windows10-2004-x64
6(Full Pack...V3.bat
windows7-x64
10(Full Pack...V3.bat
windows10-2004-x64
10(Full Pack...V2.bat
windows7-x64
1(Full Pack...V2.bat
windows10-2004-x64
8(Full Pack....1.bat
windows7-x64
10(Full Pack....1.bat
windows10-2004-x64
10(Full Pack...fi.bat
windows7-x64
1(Full Pack...fi.bat
windows10-2004-x64
1(Full Pack...ol.bat
windows7-x64
1(Full Pack...ol.bat
windows10-2004-x64
1(Full Pack...er.bat
windows7-x64
10(Full Pack...er.bat
windows10-2004-x64
10(Full Pack...ry.bat
windows7-x64
3(Full Pack...ry.bat
windows10-2004-x64
3(Full Pack...ix.bat
windows7-x64
8(Full Pack...ix.bat
windows10-2004-x64
8(Full Pack...er.bat
windows7-x64
3(Full Pack...er.bat
windows10-2004-x64
8(Full Pack...up.exe
windows7-x64
6(Full Pack...up.exe
windows10-2004-x64
6(Full Pack...er.ps1
windows7-x64
3(Full Pack...er.ps1
windows10-2004-x64
8(Full Pack...ad.url
windows7-x64
1(Full Pack...ad.url
windows10-2004-x64
1(Full Pack...nt.lnk
windows7-x64
3(Full Pack...nt.lnk
windows10-2004-x64
7(Full Pack...re.lnk
windows7-x64
3(Full Pack...re.lnk
windows10-2004-x64
7Analysis
-
max time kernel
121s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
30-11-2024 06:26
Static task
static1
Behavioral task
behavioral1
Sample
(Full Package) One Click OPT Ver - 6.7/1- One Click OPT/1- Oneclick V6.7 (Ultimate Performance)/Oneclick V6.7.bat
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral2
Sample
(Full Package) One Click OPT Ver - 6.7/1- One Click OPT/1- Oneclick V6.7 (Ultimate Performance)/Oneclick V6.7.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
(Full Package) One Click OPT Ver - 6.7/1- One Click OPT/2- Orca V3/Orca V3.bat
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
(Full Package) One Click OPT Ver - 6.7/1- One Click OPT/2- Orca V3/Orca V3.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
(Full Package) One Click OPT Ver - 6.7/1- One Click OPT/3- OrcaLIte V2/OrcaLiteV2.bat
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
(Full Package) One Click OPT Ver - 6.7/1- One Click OPT/3- OrcaLIte V2/OrcaLiteV2.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
(Full Package) One Click OPT Ver - 6.7/1- One Click OPT/4 - Process Destroyer V2.1/Process Destroyer 2.1.bat
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
(Full Package) One Click OPT Ver - 6.7/1- One Click OPT/4 - Process Destroyer V2.1/Process Destroyer 2.1.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
(Full Package) One Click OPT Ver - 6.7/2- Fixer-Help/1- Wifi & Bluetooth Fixer/1- Turn On Wifi.bat
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
(Full Package) One Click OPT Ver - 6.7/2- Fixer-Help/1- Wifi & Bluetooth Fixer/1- Turn On Wifi.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
(Full Package) One Click OPT Ver - 6.7/2- Fixer-Help/1- Wifi & Bluetooth Fixer/2- Windows Service Control.bat
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral12
Sample
(Full Package) One Click OPT Ver - 6.7/2- Fixer-Help/1- Wifi & Bluetooth Fixer/2- Windows Service Control.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
(Full Package) One Click OPT Ver - 6.7/2- Fixer-Help/2- Xbox Help/1- Xbox Service Enabler.bat
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral14
Sample
(Full Package) One Click OPT Ver - 6.7/2- Fixer-Help/2- Xbox Help/1- Xbox Service Enabler.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
(Full Package) One Click OPT Ver - 6.7/2- Fixer-Help/3- Clipboard & Snipping Tool Fix/2- Enable Clipboard History.bat
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral16
Sample
(Full Package) One Click OPT Ver - 6.7/2- Fixer-Help/3- Clipboard & Snipping Tool Fix/2- Enable Clipboard History.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
(Full Package) One Click OPT Ver - 6.7/2- Fixer-Help/4- Windows Security/2- Cmd Fix.bat
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
(Full Package) One Click OPT Ver - 6.7/2- Fixer-Help/4- Windows Security/2- Cmd Fix.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
(Full Package) One Click OPT Ver - 6.7/3- Browser/CTT App Installer.bat
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral20
Sample
(Full Package) One Click OPT Ver - 6.7/3- Browser/CTT App Installer.bat
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
(Full Package) One Click OPT Ver - 6.7/3- Browser/ChromeSetup.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral22
Sample
(Full Package) One Click OPT Ver - 6.7/3- Browser/ChromeSetup.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
(Full Package) One Click OPT Ver - 6.7/3- Browser/Powershell Chrome Installer.ps1
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral24
Sample
(Full Package) One Click OPT Ver - 6.7/3- Browser/Powershell Chrome Installer.ps1
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
(Full Package) One Click OPT Ver - 6.7/4- Nsudo/Nsudo Download.url
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral26
Sample
(Full Package) One Click OPT Ver - 6.7/4- Nsudo/Nsudo Download.url
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
(Full Package) One Click OPT Ver - 6.7/Defragment.lnk
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral28
Sample
(Full Package) One Click OPT Ver - 6.7/Defragment.lnk
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
(Full Package) One Click OPT Ver - 6.7/System Restore.lnk
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral30
Sample
(Full Package) One Click OPT Ver - 6.7/System Restore.lnk
Resource
win10v2004-20241007-en
windows10-2004-x64
General
-
Target
(Full Package) One Click OPT Ver - 6.7/2- Fixer-Help/4- Windows Security/2- Cmd Fix.bat
-
Size
637B
-
MD5
b0c27ff6cfbdee082d4246d46f11b175
-
SHA1
91765f41142667d4db295a677551ac0ac4139ac3
-
SHA256
10edbde0c15470a44d8bc38a46c9dbb2b5ecfc0383a7366a084c1dfee92b2053
-
SHA512
08c20a38746e1c0d4e26687732fda4bed60157aea8efd7c31eefd44d40695530f4a7593fa3ac3189b4246d2ade113136a357c6c5640d601c79817dac3ec41ebe
Malware Config
Signatures
-
Manipulates Digital Signatures 1 TTPs 12 IoCs
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
description ioc Process Key deleted \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs reg.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs reg.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates reg.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs reg.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust reg.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates reg.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs reg.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher reg.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs reg.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs reg.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople reg.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates reg.exe -
Suspicious use of WriteProcessMemory 18 IoCs
description pid Process procid_target PID 2840 wrote to memory of 2720 2840 cmd.exe 31 PID 2840 wrote to memory of 2720 2840 cmd.exe 31 PID 2840 wrote to memory of 2720 2840 cmd.exe 31 PID 2840 wrote to memory of 2132 2840 cmd.exe 32 PID 2840 wrote to memory of 2132 2840 cmd.exe 32 PID 2840 wrote to memory of 2132 2840 cmd.exe 32 PID 2840 wrote to memory of 2816 2840 cmd.exe 33 PID 2840 wrote to memory of 2816 2840 cmd.exe 33 PID 2840 wrote to memory of 2816 2840 cmd.exe 33 PID 2840 wrote to memory of 2712 2840 cmd.exe 34 PID 2840 wrote to memory of 2712 2840 cmd.exe 34 PID 2840 wrote to memory of 2712 2840 cmd.exe 34 PID 2840 wrote to memory of 3064 2840 cmd.exe 35 PID 2840 wrote to memory of 3064 2840 cmd.exe 35 PID 2840 wrote to memory of 3064 2840 cmd.exe 35 PID 2840 wrote to memory of 2704 2840 cmd.exe 36 PID 2840 wrote to memory of 2704 2840 cmd.exe 36 PID 2840 wrote to memory of 2704 2840 cmd.exe 36
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\(Full Package) One Click OPT Ver - 6.7\2- Fixer-Help\4- Windows Security\2- Cmd Fix.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:2840 -
C:\Windows\system32\reg.exereg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies" /f2⤵PID:2720
-
-
C:\Windows\system32\reg.exereg delete "HKLM\Software \Microsoft\WindowsSelfHost" /f2⤵PID:2132
-
-
C:\Windows\system32\reg.exereg delete "HKLM\Software\Policies" /f2⤵
- Manipulates Digital Signatures
PID:2816
-
-
C:\Windows\system32\reg.exereg delete "HKLM\Software\WOW6432Node\Microsoft\Policies" /f2⤵PID:2712
-
-
C:\Windows\system32\reg.exereg delete "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies" /f2⤵PID:3064
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware2⤵PID:2704
-