5efb6ff5c700dd7298464544bdfbc5d8a5acf064b44c4b315bdc00d61d5e7f9f

Analysis

max time kernel
91s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2023, 10:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bright.bat
Size

173B
MD5

ec02226458566ffd6df13b0beca8e88f
SHA1

8388db422813c103683761e6a804d498af80d307
SHA256

5efb6ff5c700dd7298464544bdfbc5d8a5acf064b44c4b315bdc00d61d5e7f9f
SHA512

833e08c9ec502f3a4f125b65f939ea4a3f33a020c321a7f81405eb69b43ec6ec90c41a1df712fd59c1465e70ea4f3ee9c2b3e71ad542a38f6b323e626886789e

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 5 IoCs

evasion

pid	Process
4152	timeout.exe
4776	timeout.exe
4820	timeout.exe
4568	timeout.exe
1404	timeout.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4208	powercfg.exe
Token: SeCreatePagefilePrivilege	4208	powercfg.exe
Token: SeShutdownPrivilege	3456	powercfg.exe
Token: SeCreatePagefilePrivilege	3456	powercfg.exe
Token: SeShutdownPrivilege	4176	powercfg.exe
Token: SeCreatePagefilePrivilege	4176	powercfg.exe
Token: SeShutdownPrivilege	4132	powercfg.exe
Token: SeCreatePagefilePrivilege	4132	powercfg.exe
Token: SeShutdownPrivilege	1620	powercfg.exe
Token: SeCreatePagefilePrivilege	1620	powercfg.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 4320 wrote to memory of 4208	4320	cmd.exe	80
PID 4320 wrote to memory of 4208	4320	cmd.exe	80
PID 4320 wrote to memory of 4152	4320	cmd.exe	81
PID 4320 wrote to memory of 4152	4320	cmd.exe	81
PID 4320 wrote to memory of 3456	4320	cmd.exe	82
PID 4320 wrote to memory of 3456	4320	cmd.exe	82
PID 4320 wrote to memory of 4776	4320	cmd.exe	83
PID 4320 wrote to memory of 4776	4320	cmd.exe	83
PID 4320 wrote to memory of 4176	4320	cmd.exe	84
PID 4320 wrote to memory of 4176	4320	cmd.exe	84
PID 4320 wrote to memory of 4820	4320	cmd.exe	85
PID 4320 wrote to memory of 4820	4320	cmd.exe	85
PID 4320 wrote to memory of 4132	4320	cmd.exe	90
PID 4320 wrote to memory of 4132	4320	cmd.exe	90
PID 4320 wrote to memory of 4568	4320	cmd.exe	91
PID 4320 wrote to memory of 4568	4320	cmd.exe	91
PID 4320 wrote to memory of 1620	4320	cmd.exe	94
PID 4320 wrote to memory of 1620	4320	cmd.exe	94
PID 4320 wrote to memory of 1404	4320	cmd.exe	95
PID 4320 wrote to memory of 1404	4320	cmd.exe	95

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\bright.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4320
- C:\Windows\system32\powercfg.exe
  powercfg /SetDCValueIndex SCHEME_CURRENT SUB_VIDEO VIDEOBRIGHTNESS 99
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4208
- C:\Windows\system32\timeout.exe
  timeout /t 5 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4152
- C:\Windows\system32\powercfg.exe
  powercfg /SetDCValueIndex SCHEME_CURRENT SUB_VIDEO VIDEOBRIGHTNESS 39
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3456
- C:\Windows\system32\timeout.exe
  timeout /t 5 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4776
- C:\Windows\system32\powercfg.exe
  powercfg /SetDCValueIndex SCHEME_CURRENT SUB_VIDEO VIDEOBRIGHTNESS 75
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4176
- C:\Windows\system32\timeout.exe
  timeout /t 5 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4820
- C:\Windows\system32\powercfg.exe
  powercfg /SetDCValueIndex SCHEME_CURRENT SUB_VIDEO VIDEOBRIGHTNESS 88
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4132
- C:\Windows\system32\timeout.exe
  timeout /t 5 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4568
- C:\Windows\system32\powercfg.exe
  powercfg /SetDCValueIndex SCHEME_CURRENT SUB_VIDEO VIDEOBRIGHTNESS 16
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1620
- C:\Windows\system32\timeout.exe
  timeout /t 5 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1404

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads