Analysis
- max time kernel: 145s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15-01-2023 11:17
Static task: static1
Behavioral task: behavioral1
  Sample: 0 - Piriform-BlockerKeyVerificator_RunAsAdministrator.cmd
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 0 - Piriform-BlockerKeyVerificator_RunAsAdministrator.cmd
  Resource: win10v2004-20221111-en
Behavioral task: behavioral3
  Sample: CCleaner_Patch22.exe
  Resource: win7-20221111-en
Behavioral task: behavioral4
  Sample: CCleaner_Patch22.exe
  Resource: win10v2004-20221111-en
General
- Target: 0 - Piriform-BlockerKeyVerificator_RunAsAdministrator.cmd
- Size: 4KB
- MD5: 6ba5c46261ff52e7438f21ccef5f8c7e
- SHA1: acdf309fbfebecb7a93b78068fc1498fae4d9e62
- SHA256: f7d87d0a3977d9ed4ed6eaa2da2fe2aea9564f58cf062f828dec0aa21d9ec11e
- SHA512: 106b05fbeca31c78e5e5f33cbd62580aac1b4ef781a78ac2cbe80f92eb01f75beeaa480772dcf2f9f2bbea178e681aff2247dd3d08387b35ca507b90b4a5cc43
- SSDEEP: 96:zGXTD6E4YsQlPtYyjZW0vQH5aROc37gC9r2of6:zeDn4YsQlPtYyjZW0vQH5aROc37gC9rA
Malware Config
Signatures
- Delays execution with timeout.exe (1 IoCs)
  Processes: timeout.exe
    pid   process
    3032  timeout.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: cmd.exe
    description | pid | process | target process
    PID 4212 wrote to memory of 2192 | 4212 | cmd.exe | fltMC.exe
    PID 4212 wrote to memory of 2192 | 4212 | cmd.exe | fltMC.exe
    PID 4212 wrote to memory of 3032 | 4212 | cmd.exe | timeout.exe
    PID 4212 wrote to memory of 3032 | 4212 | cmd.exe | timeout.exe
Processes
- C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\0 - Piriform-BlockerKeyVerificator_RunAsAdministrator.cmd"
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\system32\fltMC.exe
    Command line: fltmc
  - C:\Windows\system32\timeout.exe
    Command line: timeout -1
    Signature: Delays execution with timeout.exe