77e6ae4adb21785c15b5345027e002b880e5ac3488a53567a977cd8f71011d25

Analysis

max time kernel
149s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31-03-2023 20:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

start.bat
Size

367B
MD5

431287d8e6a9977ff7e81e517a83be8c
SHA1

276d9fa1fa4df70d63a42c187d8c14e98cbd32b1
SHA256

3a045f35813c68b06a3a681dc3b2db9589b221137e2a6a55838dbd8495c0f898
SHA512

57a4ac4ef62990b5d36ce567a8abcde78aa7cec7f6cb0392039ac09023f18fca3b11331128832aec09a50d1ba51427c3758ba97000c1d556472336fdfcc45d1f

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 64 IoCs

evasion

Processes:

timeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exe

pid	process
1708	timeout.exe
1356	timeout.exe
1348	timeout.exe
1604	timeout.exe
1712	timeout.exe
552	timeout.exe
1788	timeout.exe
2020	timeout.exe
1236	timeout.exe
1648	timeout.exe
2000	timeout.exe
1160	timeout.exe
1668	timeout.exe
904	timeout.exe
1248	timeout.exe
1712	timeout.exe
612	timeout.exe
540	timeout.exe
1680	timeout.exe
1728	timeout.exe
1484	timeout.exe
1504	timeout.exe
2044	timeout.exe
1304	timeout.exe
1536	timeout.exe
1844	timeout.exe
284	timeout.exe
1156	timeout.exe
1744	timeout.exe
916	timeout.exe
1588	timeout.exe
1064	timeout.exe
1344	timeout.exe
864	timeout.exe
1588	timeout.exe
996	timeout.exe
1920	timeout.exe
1800	timeout.exe
1540	timeout.exe
1480	timeout.exe
520	timeout.exe
1412	timeout.exe
556	timeout.exe
832	timeout.exe
1236	timeout.exe
564	timeout.exe
832	timeout.exe
1692	timeout.exe
620	timeout.exe
552	timeout.exe
1632	timeout.exe
1624	timeout.exe
1692	timeout.exe
1980	timeout.exe
1576	timeout.exe
364	timeout.exe
1852	timeout.exe
1312	timeout.exe
556	timeout.exe
1492	timeout.exe
1584	timeout.exe
1012	timeout.exe
1680	timeout.exe
600	timeout.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

2036 taskkill.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

taskkill.exe

description pid process

Token: SeDebugPrivilege 2036 taskkill.exe

pid	process
2036	taskkill.exe

description	pid	process
Token: SeDebugPrivilege	2036	taskkill.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.execmd.exe

description	pid	process	target process
PID 1340 wrote to memory of 2036	1340	cmd.exe	taskkill.exe
PID 1340 wrote to memory of 2036	1340	cmd.exe	taskkill.exe
PID 1340 wrote to memory of 2036	1340	cmd.exe	taskkill.exe
PID 1340 wrote to memory of 1488	1340	cmd.exe	cmd.exe
PID 1340 wrote to memory of 1488	1340	cmd.exe	cmd.exe
PID 1340 wrote to memory of 1488	1340	cmd.exe	cmd.exe
PID 1340 wrote to memory of 552	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 552	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 552	1340	cmd.exe	timeout.exe
PID 1488 wrote to memory of 1484	1488	cmd.exe	cmd.exe
PID 1488 wrote to memory of 1484	1488	cmd.exe	cmd.exe
PID 1488 wrote to memory of 1484	1488	cmd.exe	cmd.exe
PID 1340 wrote to memory of 556	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 556	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 556	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 2020	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 2020	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 2020	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1412	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1412	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1412	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 564	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 564	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 564	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1236	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1236	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1236	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1744	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1744	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1744	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1712	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1712	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1712	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 832	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 832	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 832	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 820	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 820	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 820	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1852	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1852	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1852	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 612	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 612	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 612	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1064	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1064	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1064	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1632	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1632	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1632	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1920	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1920	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1920	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1536	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1536	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1536	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1312	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1312	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1312	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1624	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1624	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 1624	1340	cmd.exe	timeout.exe
PID 1340 wrote to memory of 540	1340	cmd.exe	timeout.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\start.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1340

C:\Windows\system32\taskkill.exe
taskkill /f /im python.exe
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2036

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K disclaimer.bat
2⤵
- Suspicious use of WriteProcessMemory
PID:1488

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "prompt #$H#$E# & echo on & for %b in (1) do rem"
3⤵
PID:1484

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:552

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:556

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2020

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:1412

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:564

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1236

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:1744

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1712

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:832

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:820

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1852

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:612

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1064

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1632

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1920

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:1536

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1312

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1624

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:540

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1692

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1648

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1680

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1588

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:364

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1584

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:1532

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1800

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2000

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:620

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1788

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1708

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:1932

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1160

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1668

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1540

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1012

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:904

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:600

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1356

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1980

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:996

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1844

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:908

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1344

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:284

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1504

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1248

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:1704

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1348

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:864

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1728

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:1452

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1480

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:1044

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:932

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2044

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:520

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1484

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1576

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:1596

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1156

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1604

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1304

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:552

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:556

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:2020

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1412

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:564

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1236

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1744

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:916

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1712

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:832

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:576

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:888

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:1064

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:880

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:592

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:1920

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1536

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:1312

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:1676

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1492

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:540

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1692

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:1648

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1680

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1588

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:364

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads