Overview

overview

7

Static

static

3

Boost Bot ... ].zip

windows7-x64

1

Boost Bot ... ].zip

windows10-2004-x64

1

Boost Bot.exe

windows7-x64

7

Boost Bot.exe

windows10-2004-x64

7

boosts.json

windows7-x64

3

boosts.json

windows10-2004-x64

3

config.yaml

windows7-x64

3

config.yaml

windows10-2004-x64

3

data/faile...s.json

windows7-x64

3

data/faile...s.json

windows10-2004-x64

3

run.bat

windows7-x64

7

run.bat

windows10-2004-x64

7

setup_guide.md

windows7-x64

3

setup_guide.md

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    01-02-2025 23:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    run.bat

  • Size

    192B

  • MD5

    180b822f774459ee5a6a74abf7e81e4a

  • SHA1

    0e535886d713371bd62c3e9d48b57268f2dfabf0

  • SHA256

    7c68d4e748350d7c1738dbec8bf1d7823e075168022283f1447799374fb969c0

  • SHA512

    e78a5b64b33fdf425d921b0ac7809a3e0c3617630c50336e544ccaebb76aed91a936f306c7c40e29dda7420dd27e581b2a1b2e70c78ad5ce0ccc54bf3fb0c580

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 7 IoCs
  • Enumerates processes with tasklist 1 TTPs 3 IoCs
    discovery
  • Delays execution with timeout.exe 3 IoCs
    defense_evasion
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 51 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\run.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1084
    • C:\Users\Admin\AppData\Local\Temp\Boost Bot.exe
      "Boost Bot.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2700
      • C:\Users\Admin\AppData\Local\Temp\onefile_2700_133829280084230000\main.exe
        "C:\Users\Admin\AppData\Local\Temp\Boost Bot.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:1636
    • C:\Windows\system32\timeout.exe
      timeout /t 5 /nobreak
      2⤵
      • Delays execution with timeout.exe
      PID:2880
    • C:\Windows\system32\tasklist.exe
      tasklist /FI "IMAGENAME eq Boost Bot.exe"
      2⤵
      • Enumerates processes with tasklist
      • Suspicious use of AdjustPrivilegeToken
      PID:1596
    • C:\Windows\system32\find.exe
      find /i /n "Boost Bot.exe"
      2⤵
        PID:1080
      • C:\Users\Admin\AppData\Local\Temp\Boost Bot.exe
        "Boost Bot.exe"
        2⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1600
        • C:\Users\Admin\AppData\Local\Temp\onefile_1600_133829280491546000\main.exe
          "C:\Users\Admin\AppData\Local\Temp\Boost Bot.exe"
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1812
      • C:\Windows\system32\timeout.exe
        timeout /t 5 /nobreak
        2⤵
        • Delays execution with timeout.exe
        PID:2724
      • C:\Windows\system32\tasklist.exe
        tasklist /FI "IMAGENAME eq Boost Bot.exe"
        2⤵
        • Enumerates processes with tasklist
        • Suspicious use of AdjustPrivilegeToken
        PID:2116
      • C:\Windows\system32\find.exe
        find /i /n "Boost Bot.exe"
        2⤵
          PID:2388
        • C:\Users\Admin\AppData\Local\Temp\Boost Bot.exe
          "Boost Bot.exe"
          2⤵
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:3000
          • C:\Users\Admin\AppData\Local\Temp\onefile_3000_133829280940358000\main.exe
            "C:\Users\Admin\AppData\Local\Temp\Boost Bot.exe"
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:896
        • C:\Windows\system32\timeout.exe
          timeout /t 5 /nobreak
          2⤵
          • Delays execution with timeout.exe
          PID:2224
        • C:\Windows\system32\tasklist.exe
          tasklist /FI "IMAGENAME eq Boost Bot.exe"
          2⤵
          • Enumerates processes with tasklist
          • Suspicious use of AdjustPrivilegeToken
          PID:2220
        • C:\Windows\system32\find.exe
          find /i /n "Boost Bot.exe"
          2⤵
            PID:2432
          • C:\Users\Admin\AppData\Local\Temp\Boost Bot.exe
            "Boost Bot.exe"
            2⤵
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:1672
            • C:\Users\Admin\AppData\Local\Temp\onefile_1672_133829281471694000\main.exe
              "C:\Users\Admin\AppData\Local\Temp\Boost Bot.exe"
              3⤵
              • Executes dropped EXE
              PID:1072

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\onefile_2700_133829280084230000\python310.dll
          Filesize

          4.3MB

          MD5

          5fdbe140614b71c20d11cabdfe810319

          SHA1

          2b54711b3eb94ddc4c3939d201bed36b23fdc9d9

          SHA256

          f8b2dae29233dfe3a954559740207b3edf46b297ffccaf988d55980bfe92fb7a

          SHA512

          08f193536bae4d3ab081acd25d3e54c5b62b8d28e46e469c1b90d6431de2d6658943afe1d9dd5702d2265694c4967afa1a3c1b10f94d0482bd85a8431bac93bc

          Download Submit

        • \Users\Admin\AppData\Local\Temp\onefile_2700_133829280084230000\main.exe
          Filesize

          41.4MB

          MD5

          9413b61bd7383c2640d380097f8f2f8e

          SHA1

          5156ac4b1e24a7bf0b7dc21dc63b98d39256f709

          SHA256

          ed69a3a70158667897f575754b44003fccbfb21cad35d15840d95bf66a7f1602

          SHA512

          e5a28f48923ffe63814450322a293a5cb4febad0d833451f7b8b63b42f7613c73fd3b6acb94209816d06377bd8d5181f6af679f8d7e3c423b840ba2e17271742

          Download Submit

        • memory/896-347-0x0000000140000000-0x0000000142970000-memory.dmp

          Filesize

          41.4MB

          Download

        • memory/1600-237-0x0000000140000000-0x0000000143325000-memory.dmp

          Filesize

          51.1MB

          Download

        • memory/1600-236-0x0000000140000000-0x0000000143325000-memory.dmp

          Filesize

          51.1MB

          Download

        • memory/1600-235-0x0000000140000000-0x0000000143325000-memory.dmp

          Filesize

          51.1MB

          Download

        • memory/1600-231-0x0000000140000000-0x0000000143325000-memory.dmp

          Filesize

          51.1MB

          Download

        • memory/1636-112-0x0000000140000000-0x0000000142970000-memory.dmp

          Filesize

          41.4MB

          Download

        • memory/1812-230-0x0000000140000000-0x0000000142970000-memory.dmp

          Filesize

          41.4MB

          Download

        • memory/2700-110-0x00000000772E0000-0x0000000077489000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2700-3-0x00000000772E0000-0x0000000077489000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2700-119-0x0000000140000000-0x0000000143325000-memory.dmp

          Filesize

          51.1MB

          Download

        • memory/2700-120-0x0000000140000000-0x0000000143325000-memory.dmp

          Filesize

          51.1MB

          Download

        • memory/2700-122-0x00000000772E0000-0x0000000077489000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2700-121-0x0000000140000000-0x0000000143325000-memory.dmp

          Filesize

          51.1MB

          Download

        • memory/2700-116-0x0000000140000000-0x0000000143325000-memory.dmp

          Filesize

          51.1MB

          Download

        • memory/2700-117-0x00000000772E0000-0x0000000077489000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2700-0-0x0000000077331000-0x0000000077332000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2700-118-0x00000000772E0000-0x0000000077489000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2700-2-0x00000000772E0000-0x0000000077489000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2700-1-0x00000000772E0000-0x0000000077489000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3000-342-0x0000000140000000-0x0000000143325000-memory.dmp

          Filesize

          51.1MB

          Download

        • memory/3000-351-0x0000000140000000-0x0000000143325000-memory.dmp

          Filesize

          51.1MB

          Download

        • memory/3000-352-0x0000000140000000-0x0000000143325000-memory.dmp

          Filesize

          51.1MB

          Download

        • memory/3000-353-0x0000000140000000-0x0000000143325000-memory.dmp

          Filesize

          51.1MB

          Download

        • memory/3000-354-0x0000000140000000-0x0000000143325000-memory.dmp

          Filesize

          51.1MB

          Download