Overview

overview

1

Static

static

1

Setup.bat

windows7-x64

Setup.bat

windows10-2004-x64

Analysis

  • max time kernel
    35s
  • max time network
    37s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    10/06/2023, 15:42

Sharing

Copy URL Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    Setup.bat

  • Size

    285B

  • MD5

    f08478481b1a3d1e44e6a3b3f0780584

  • SHA1

    9632e94489ad04d3037881a896e98ca4ef5bac5f

  • SHA256

    902e0395cebfd51936a138abaf669a22aba75c9e0bbe31e557f74f04a08d83be

  • SHA512

    7804eaff7999ae52ff81904f3985ac2fb3c437ee48476f28971887a98047b6a49d41b5467707567c109b1fa36defa00c24d327eed30c99e6f66bc6335ce13e13

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Setup.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:884
    • C:\Windows\system32\shutdown.exe
      shutdown -r -t 0
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1752
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:1044
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x454
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:704
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:1808

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1044-54-0x00000000027C0000-0x00000000027C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1808-55-0x00000000026E0000-0x00000000026E1000-memory.dmp

              Filesize

              4KB

              Download