Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    19/01/2025, 19:34

General

  • Target

    project ligma and stigma builder.bat

  • Size

    2KB

  • MD5

    6395d6d88d9f2c4c6c45b22d56d3d6f2

  • SHA1

    09a1d50baec6030ddc44e1566c458cc5a85c2adf

  • SHA256

    8a4bffce8c62437df3f629c3f460cbf3022bd7e99b62b1ca850b94c220fbe3c7

  • SHA512

    f3724f48e8566ec1fa43778e0603facf1d6baa35eb5b1838860704f8820ea14081c8eef1b477217bfcb7bb66bb0fbaf03cb7bd53a50cc9b5d4aab71dafff6568

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 4 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\project ligma and stigma builder.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:872
    • C:\Windows\system32\mode.com
      mode con:cols=50 lines=2
      2⤵
        PID:5520
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c mshta.exe "C:\Users\Admin\AppData\Local\Temp\project ligma and stigma builder.bat"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:3212
        • C:\Windows\system32\mshta.exe
          mshta.exe "C:\Users\Admin\AppData\Local\Temp\project ligma and stigma builder.bat"
          3⤵
          • Blocklisted process makes network request
          PID:5644

Network

MITRE ATT&CK Enterprise v15
