Analysis
- max time kernel: 62s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 23/04/2023, 16:35
Static task: static1

Behavioral task: behavioral1
- Sample: fps.bat
- Resource: win7-20230220-en
- 5 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: fps.bat
- Resource: win10v2004-20230221-en
- 5 signatures
- 150 seconds
General
- Target: fps.bat
- Size: 29B
- MD5: 49a6cf4096b1bec50576f9eadbc828f6
- SHA1: 1d68726df68b66e6b0da2a416d64a5b9d5132172
- SHA256: a870394a2decbbb35e6374327c99caa29e37fc422966327c225d1aad147bec00
- SHA512: 6bf727d2c3aac7464f68c9594f10e7d43b0d54d40cbca6c5468d17172099b0c96aaadc5311e0033b8583d2b7298a5f1de02bea80f138e9569d0c22b411babd50
- Score: 1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (5 IoCs)
  pid   Process
  1740  taskmgr.exe  (5 identical entries)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   Process
  1740  taskmgr.exe
- Suspicious use of AdjustPrivilegeToken (5 IoCs)
  description                        pid   Process
  Token: SeDebugPrivilege            1740  taskmgr.exe
  Token: 33                          1064  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  1064  AUDIODG.EXE
  Token: 33                          1064  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  1064  AUDIODG.EXE
- Suspicious use of FindShellTrayWindow (31 IoCs)
  pid   Process
  1740  taskmgr.exe  (31 identical entries)
- Suspicious use of SendNotifyMessage (31 IoCs)
  pid   Process
  1740  taskmgr.exe  (31 identical entries)
Processes
- C:\Windows\system32\cmd.exe
  Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\fps.bat"
  PID: 1724
- C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  PID: 1740
  Signatures:
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
- C:\Windows\explorer.exe
  Command line: "C:\Windows\explorer.exe"
  PID: 900
- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x1e0
  PID: 1064
  Signatures:
  - Suspicious use of AdjustPrivilegeToken