Report - OW AUTO 1.bat

DGA DNS Socket Create Service Sniff Audio HTTP Escalate privileges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P AntiDebug AntiVM
Created 2021.07.19 16:52 Machine s1_win7_x6401
Filename OW AUTO 1.bat
Type DOS batch file, ISO-8859 text, with CRLF line terminators
AI Score Not found Behavior Score
ZERO API file : clean
VT API (file)
md5 8002cedb6df333b9b8c7e89fde1873f1
sha256 f77415187f95f92c31084b909d8863b8fb86e07614afeb81492ee471505feff7
ssdeep 6:h63FjqCMuvMuvMNBHGIAG4KI8AGvvMmtLvMuvM1HAGvvMuvMBbi+fvMSmm8wJ:Y3FjjMgbyQIcKVbFbbYHbbSG6zt88
Network IP location

Signature (2cnts)

Level Description
notice Yara rule detected in process memory
info Command line console output was observed

Rules (30cnts)

Level Name Description Collection
watch Network_Downloader File Downloader memory
notice Code_injection Code injection with CreateRemoteThread in a remote process memory
notice Create_Service Create a windows service memory
notice Escalate_priviledges Escalate privileges memory
notice KeyLogger Run a KeyLogger memory
notice local_credential_Steal Steal credential memory
notice Network_DGA Communication using DGA memory
notice Network_DNS Communications use DNS memory
notice Network_FTP Communications over FTP memory
notice Network_HTTP Communications over HTTP memory
notice Network_P2P_Win Communications over P2P network memory
notice Network_TCP_Socket Communications over RAW Socket memory
notice ScreenShot Take ScreenShot memory
notice Sniff_Audio Record Audio memory
notice Str_Win32_Http_API Match Windows Http API call memory
notice Str_Win32_Internet_API Match Windows Inet API call memory
info anti_dbg Checks if being debugged memory
info antisb_threatExpert Anti-Sandbox checks for ThreatExpert memory
info Check_Dlls (no description) memory
info DebuggerCheck__GlobalFlags (no description) memory
info DebuggerCheck__QueryInfo (no description) memory
info DebuggerCheck__RemoteAPI (no description) memory
info DebuggerException__ConsoleCtrl (no description) memory
info DebuggerException__SetConsoleCtrl (no description) memory
info DebuggerHiding__Active (no description) memory
info DebuggerHiding__Thread (no description) memory
info disable_dep Bypass DEP memory
info SEH__vectored (no description) memory
info ThreadControl__Context (no description) memory
info win_hook Affect hook table memory

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

Similarity measure (PE file only) - Checking for service failure