04f2dc51b49abbfd7f062e61dd2c4354b14cc269d4dff139c881ca29c57b1661 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

notepad.bat

windows11-21h2-x64

8

Sharing

General

Target

notepad.bat
Size

55B
Sample

241229-wfzb9avngn
MD5

5b97dea1baff12a2600f462c2bce1f5c
SHA1

6e7f1fcb0f39dade7c4cc6a42124f354025995d5
SHA256

04f2dc51b49abbfd7f062e61dd2c4354b14cc269d4dff139c881ca29c57b1661
SHA512

5863889d5a2d1ccc37faefb57a4ee3a852b5d4f018d7cefd6ecd55ca804784b85b1bda9d972410ef027272d5fcdf12bd35ff9ef4077aa0317f1ab618201af756

Score

8^/10

microsoft discovery execution phishing

Static task

static1

Behavioral task

behavioral1

Sample

notepad.bat

Resource

win11-20241023-en

microsoft discovery execution phishing

windows11-21h2-x64

14 signatures

900 seconds

Malware Config

Targets

- Target
  
  notepad.bat
- Size
  
  55B
- MD5
  
  5b97dea1baff12a2600f462c2bce1f5c
- SHA1
  
  6e7f1fcb0f39dade7c4cc6a42124f354025995d5
- SHA256
  
  04f2dc51b49abbfd7f062e61dd2c4354b14cc269d4dff139c881ca29c57b1661
- SHA512
  
  5863889d5a2d1ccc37faefb57a4ee3a852b5d4f018d7cefd6ecd55ca804784b85b1bda9d972410ef027272d5fcdf12bd35ff9ef4077aa0317f1ab618201af756
Score

8^/10

microsoft discovery execution phishing
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Detected potential entity reuse from brand MICROSOFT.
  phishing microsoft
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

microsoftdiscoveryexecutionphishing

© 2018-2025

Terms | Privacy