c24c4d805947b473c5f9abf3fa3b2168b1aaf8b282d612d004fd60774da49193

Resubmissions

29/05/2023, 21:43

29/05/2023, 21:40

max time kernel
1792s
max time network
1610s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
29/05/2023, 21:43

Target

SDIO_auto.bat
Size

845B
MD5

6b212b7437621b9da03bc0cc0652e799
SHA1

6f47859d1ecd805b94bcf7f9f4f741827494f0e6
SHA256

4db7e2a32b85f2a21ce95778b627d1454f6875ae3bf8aab90b917fab362d15d4
SHA512

3adea96c7e6e40ec4a9519b536d9d4c91d9638e9f2438e9bb4e36ea6ff7fb7fb2c91bca57c6f3850ad45336782efe910f7a10d1aebbfdc11573a2378574efcd5

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2040	SDIO_x64_R753.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2040	SDIO_x64_R753.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 1712	816	cmd.exe	29
PID 816 wrote to memory of 1712	816	cmd.exe	29
PID 816 wrote to memory of 1712	816	cmd.exe	29
PID 816 wrote to memory of 2040	816	cmd.exe	30
PID 816 wrote to memory of 2040	816	cmd.exe	30
PID 816 wrote to memory of 2040	816	cmd.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\SDIO_auto.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir /b /od "C:\Users\Admin\AppData\Local\Temp\SDIO_"x64_R"*.exe"
  2⤵
  PID:1712
- C:\Users\Admin\AppData\Local\Temp\SDIO_x64_R753.exe
  "C:\Users\Admin\AppData\Local\Temp\SDIO_x64_R753.exe"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:2040

memory/2040-55-0x0000000000400000-0x000000000094C000-memory.dmp

Filesize
5.3MB

Download
memory/2040-67-0x0000000000400000-0x000000000094C000-memory.dmp

Filesize
5.3MB

Download