Overview

overview

8

Static

static

3

zapret-dis...rt.dll

windows7-x64

1

zapret-dis...rt.dll

windows10-2004-x64

1

zapret-dis...64.sys

windows10-2004-x64

1

zapret-dis...n1.dll

windows7-x64

1

zapret-dis...n1.dll

windows10-2004-x64

1

zapret-dis...ws.exe

windows7-x64

1

zapret-dis...ws.exe

windows10-2004-x64

1

zapret-dis...es.bat

windows7-x64

8

zapret-dis...es.bat

windows10-2004-x64

8

zapret-dis...rd.bat

windows7-x64

8

zapret-dis...rd.bat

windows10-2004-x64

8

zapret-dis...T).bat

windows7-x64

8

zapret-dis...T).bat

windows10-2004-x64

8

zapret-dis...2).bat

windows7-x64

8

zapret-dis...2).bat

windows10-2004-x64

8

zapret-dis...3).bat

windows7-x64

8

zapret-dis...3).bat

windows10-2004-x64

8

zapret-dis...4).bat

windows7-x64

8

zapret-dis...4).bat

windows10-2004-x64

8

zapret-dis...5).bat

windows7-x64

8

zapret-dis...5).bat

windows10-2004-x64

8

zapret-dis...D).bat

windows7-x64

8

zapret-dis...D).bat

windows10-2004-x64

8

zapret-dis...�).bat

windows7-x64

8

zapret-dis...�).bat

windows10-2004-x64

8

zapret-dis...2).bat

windows7-x64

8

zapret-dis...2).bat

windows10-2004-x64

8

zapret-dis...al.bat

windows7-x64

8

zapret-dis...al.bat

windows10-2004-x64

8

zapret-dis...ll.bat

windows7-x64

8

zapret-dis...ll.bat

windows10-2004-x64

8

zapret-dis...ve.bat

windows7-x64

8

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20250207-en
  • resource tags

    arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2025, 23:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    zapret-discord-youtube-main/service_install.bat

  • Size

    3KB

  • MD5

    283f64774d027af0ae0a59ecc3397916

  • SHA1

    8be1681203250a584152f5ea024cbb1764e3cb34

  • SHA256

    e11174d83067e63382106099d9e6636ad361294f982dcad3b5cfe4479b679361

  • SHA512

    25b06ef5a6679578d39d5b44d1e788dbc8890b514b9613eee0eaf73f72ae2049aa74201049219cb2319019eb59d6db5cd732e1f4442725238869a4e41dc81da5

Score
8/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Start PowerShell.

    execution
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\zapret-discord-youtube-main\service_install.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1336
    • C:\Windows\system32\chcp.com
      chcp 65001
      2⤵
        PID:2076
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell -Command "Start-Process 'cmd.exe' -ArgumentList '/k \"\"C:\Users\Admin\AppData\Local\Temp\zapret-discord-youtube-main\service_install.bat\" admin\"' -Verb RunAs"
        2⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2248
        • C:\Windows\system32\cmd.exe
          "C:\Windows\system32\cmd.exe" /k ""C:\Users\Admin\AppData\Local\Temp\zapret-discord-youtube-main\service_install.bat" admin"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2996
          • C:\Windows\system32\chcp.com
            chcp 65001
            4⤵
              PID:2212
            • C:\Windows\system32\chcp.com
              chcp 437
              4⤵
                PID:1592
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /c powershell -command "(Invoke-WebRequest -Uri \"https://raw.githubusercontent.com/Flowseal/zapret-discord-youtube/main/.service/version.txt\" -Headers @{\"Cache-Control\"=\"no-cache\"} -TimeoutSec 5).Content.Trim()" 2>nul
                4⤵
                • Suspicious use of WriteProcessMemory
                PID:1028
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  powershell -command "(Invoke-WebRequest -Uri \"https://raw.githubusercontent.com/Flowseal/zapret-discord-youtube/main/.service/version.txt\" -Headers @{\"Cache-Control\"=\"no-cache\"} -TimeoutSec 5).Content.Trim()"
                  5⤵
                  • Command and Scripting Interpreter: PowerShell
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of AdjustPrivilegeToken
                  PID:2712

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
          Filesize

          7KB

          MD5

          eb83b19abf6df380a695bbd03d6b6e2e

          SHA1

          539f01344cde8552735331b7148a8835c5007fa8

          SHA256

          7e11df54623ad2b0e2d824bda8675ac648c0925387cf188d38cc147859a7fa79

          SHA512

          c1cdcb3acd52d0ca709049179b917e43bac8ca9cf2bb8117f628dbfc5a9b15692bf089cc60d96f93032cbb7bdb1d52c7aaf487be0550c8f3f2c41184ec57c793

          Download Submit

        • memory/2248-4-0x000007FEF570E000-0x000007FEF570F000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2248-5-0x000000001B720000-0x000000001BA02000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/2248-6-0x0000000002070000-0x0000000002078000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2248-7-0x000007FEF5450000-0x000007FEF5DED000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2248-8-0x000007FEF5450000-0x000007FEF5DED000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2248-9-0x000007FEF5450000-0x000007FEF5DED000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2248-10-0x000007FEF5450000-0x000007FEF5DED000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2248-11-0x000007FEF5450000-0x000007FEF5DED000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2248-12-0x000007FEF5450000-0x000007FEF5DED000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2712-18-0x00000000029F0000-0x00000000029F8000-memory.dmp

          Filesize

          32KB

          Download