a089021c756a9d5d27b26256f47be38df0129a6d5bd8f631c4c896a7b482c0fa

Analysis

max time kernel
119s
max time network
143s
platform
windows7_x64
resource
win7-20230824-en
resource tags

arch:x64arch:x86image:win7-20230824-enlocale:en-usos:windows7-x64system
submitted
31/08/2023, 08:58

Target

Win(x32_x64)_S-YXG50/1.登録用/vstmididrv の登録バッチ.bat
Size

685B
MD5

4d3d8dbe3f730a6eb850a6e9cd93e249
SHA1

d3bb3488b13d15f7df6589b9765613a3365b9dc2
SHA256

a087cbdfdc46dc0785f4ca00e848c35652e8e8ecd30676abcca44f77d811d5e7
SHA512

2cd57606e3f11487cd3923e7c1a2d58ee14cfe41b9326e138a86634d049bc20e05f53be212da899b5eb0051212991af1e5e676ad46d7fcf6f5ab66d005453319

Score

6^/10

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\__vstmididrv\desktop.ini	Robocopy.exe
File created	C:\Users\Admin\AppData\Local\Temp\__vstmididrv\desktop.ini	Robocopy.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeBackupPrivilege	2128	Robocopy.exe
Token: SeRestorePrivilege	2128	Robocopy.exe
Token: SeSecurityPrivilege	2128	Robocopy.exe
Token: SeTakeOwnershipPrivilege	2128	Robocopy.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2128	2528	cmd.exe	30
PID 2528 wrote to memory of 2128	2528	cmd.exe	30
PID 2528 wrote to memory of 2128	2528	cmd.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Win(x32_x64)_S-YXG50\1.登録用\vstmididrv の登録バッチ.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Windows\system32\Robocopy.exe
  robocopy _\__vstmididrv C:\Users\Admin\AppData\Local\Temp\__vstmididrv /s /e
  2⤵
  - Drops desktop.ini file(s)
  - Suspicious use of AdjustPrivilegeToken
  PID:2128

C:\Users\Admin\AppData\Local\Temp\Win(x32_x64)_S-YXG50\1.登録用\_\__vstmididrv\vstmididrv é╠ôoÿ^âoâbâ`.bat

Filesize
351B

MD5
ecfb820b7573385ccbca2f3d5ac2d60b

SHA1
eb33f640d45ed0d794300511cdf771660d24bf88

SHA256
a347b330f5eab907e7d3de617778b460fffe6c2693a87bc9c727c3346394badc

SHA512
51304fdde1b45c1fd7b0210dc05c30e1937746407142f3027b13f097e26eb4e66fe226d98b84aaf593903ea91608efba28daaaeb0e1fab0b05619a0158eb211d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__vstmididrv\vstmididrv é╠ôoÿ^âoâbâ`.bat

Filesize
351B

MD5
ecfb820b7573385ccbca2f3d5ac2d60b

SHA1
eb33f640d45ed0d794300511cdf771660d24bf88

SHA256
a347b330f5eab907e7d3de617778b460fffe6c2693a87bc9c727c3346394badc

SHA512
51304fdde1b45c1fd7b0210dc05c30e1937746407142f3027b13f097e26eb4e66fe226d98b84aaf593903ea91608efba28daaaeb0e1fab0b05619a0158eb211d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__vstmididrv\vstmididrv_32\vstmididrv の登録バッチ.bat

Filesize
4KB

MD5
ee7a7b63307d0dac1428f3addc11c792

SHA1
44c12bd33094f03398a77379e45708165bbd6bae

SHA256
a01694fe6256fc93d5c17a632a5c9f9e68f54722750db3f47743b78430786496

SHA512
fe2013d610288dedadcbeb14cc99b8ec2d61a7bf15221080a75a295522d8ef6616f36b9ff5926111268c18f3097f4ffccee2f0a24f780b097aac36dd4059b4d5

Download Submit