Analysis
  max time kernel: 91s
  max time network: 151s
  platform: windows10-2004_x64
  resource: win10v2004-20230220-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 16/06/2023, 10:20
Static task
  static1
Behavioral task
  behavioral1
    Sample: bright.bat
    Resource: win7-20230220-en
    10 signatures
    150 seconds
Behavioral task
  behavioral2
    Sample: bright.bat
    Resource: win10v2004-20230220-en
    3 signatures
    150 seconds
General
  Target: bright.bat
  Size: 173B
  MD5: ec02226458566ffd6df13b0beca8e88f
  SHA1: 8388db422813c103683761e6a804d498af80d307
  SHA256: 5efb6ff5c700dd7298464544bdfbc5d8a5acf064b44c4b315bdc00d61d5e7f9f
  SHA512: 833e08c9ec502f3a4f125b65f939ea4a3f33a020c321a7f81405eb69b43ec6ec90c41a1df712fd59c1465e70ea4f3ee9c2b3e71ad542a38f6b323e626886789e
  Score: 1/10
Malware Config
Signatures
  Delays execution with timeout.exe (5 IoCs)
    pid   Process
    4152  timeout.exe
    4776  timeout.exe
    4820  timeout.exe
    4568  timeout.exe
    1404  timeout.exe
  Suspicious use of AdjustPrivilegeToken (10 IoCs)
    description                       pid   Process
    Token: SeShutdownPrivilege        4208  powercfg.exe
    Token: SeCreatePagefilePrivilege  4208  powercfg.exe
    Token: SeShutdownPrivilege        3456  powercfg.exe
    Token: SeCreatePagefilePrivilege  3456  powercfg.exe
    Token: SeShutdownPrivilege        4176  powercfg.exe
    Token: SeCreatePagefilePrivilege  4176  powercfg.exe
    Token: SeShutdownPrivilege        4132  powercfg.exe
    Token: SeCreatePagefilePrivilege  4132  powercfg.exe
    Token: SeShutdownPrivilege        1620  powercfg.exe
    Token: SeCreatePagefilePrivilege  1620  powercfg.exe
  Suspicious use of WriteProcessMemory (20 IoCs)
    description                       pid   Process  procid_target
    PID 4320 wrote to memory of 4208  4320  cmd.exe  80
    PID 4320 wrote to memory of 4208  4320  cmd.exe  80
    PID 4320 wrote to memory of 4152  4320  cmd.exe  81
    PID 4320 wrote to memory of 4152  4320  cmd.exe  81
    PID 4320 wrote to memory of 3456  4320  cmd.exe  82
    PID 4320 wrote to memory of 3456  4320  cmd.exe  82
    PID 4320 wrote to memory of 4776  4320  cmd.exe  83
    PID 4320 wrote to memory of 4776  4320  cmd.exe  83
    PID 4320 wrote to memory of 4176  4320  cmd.exe  84
    PID 4320 wrote to memory of 4176  4320  cmd.exe  84
    PID 4320 wrote to memory of 4820  4320  cmd.exe  85
    PID 4320 wrote to memory of 4820  4320  cmd.exe  85
    PID 4320 wrote to memory of 4132  4320  cmd.exe  90
    PID 4320 wrote to memory of 4132  4320  cmd.exe  90
    PID 4320 wrote to memory of 4568  4320  cmd.exe  91
    PID 4320 wrote to memory of 4568  4320  cmd.exe  91
    PID 4320 wrote to memory of 1620  4320  cmd.exe  94
    PID 4320 wrote to memory of 1620  4320  cmd.exe  94
    PID 4320 wrote to memory of 1404  4320  cmd.exe  95
    PID 4320 wrote to memory of 1404  4320  cmd.exe  95
Processes
  C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\bright.bat"
    - Suspicious use of WriteProcessMemory
    PID:4320
    C:\Windows\system32\powercfg.exe
      powercfg /SetDCValueIndex SCHEME_CURRENT SUB_VIDEO VIDEOBRIGHTNESS 99
      - Suspicious use of AdjustPrivilegeToken
      PID:4208
    C:\Windows\system32\timeout.exe
      timeout /t 5 /nobreak
      - Delays execution with timeout.exe
      PID:4152
    C:\Windows\system32\powercfg.exe
      powercfg /SetDCValueIndex SCHEME_CURRENT SUB_VIDEO VIDEOBRIGHTNESS 39
      - Suspicious use of AdjustPrivilegeToken
      PID:3456
    C:\Windows\system32\timeout.exe
      timeout /t 5 /nobreak
      - Delays execution with timeout.exe
      PID:4776
    C:\Windows\system32\powercfg.exe
      powercfg /SetDCValueIndex SCHEME_CURRENT SUB_VIDEO VIDEOBRIGHTNESS 75
      - Suspicious use of AdjustPrivilegeToken
      PID:4176
    C:\Windows\system32\timeout.exe
      timeout /t 5 /nobreak
      - Delays execution with timeout.exe
      PID:4820
    C:\Windows\system32\powercfg.exe
      powercfg /SetDCValueIndex SCHEME_CURRENT SUB_VIDEO VIDEOBRIGHTNESS 88
      - Suspicious use of AdjustPrivilegeToken
      PID:4132
    C:\Windows\system32\timeout.exe
      timeout /t 5 /nobreak
      - Delays execution with timeout.exe
      PID:4568
    C:\Windows\system32\powercfg.exe
      powercfg /SetDCValueIndex SCHEME_CURRENT SUB_VIDEO VIDEOBRIGHTNESS 16
      - Suspicious use of AdjustPrivilegeToken
      PID:1620
    C:\Windows\system32\timeout.exe
      timeout /t 5 /nobreak
      - Delays execution with timeout.exe
      PID:1404