9e8b49b26dedeed33cbc3689cd3d51700e92b1605a73658e5cd4e18a10352b8c

Analysis

max time kernel
117s
max time network
137s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

link.bat
Size

1KB
MD5

63f054436fb250dab31477ed61f16eb1
SHA1

b6dc7b79e0bd76eca4d5083e8240bfa2ee08c80f
SHA256

9e8b49b26dedeed33cbc3689cd3d51700e92b1605a73658e5cd4e18a10352b8c
SHA512

f3ffd0d640d6537e2a44461ef9c52f32c7bafb2d2fc70975e5112a2b09448803853f7dcb88033ad038c248687fe6feb9b8f35bb57c5f90811d37237c1d56eeff

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 62 IoCs

evasion

pid	Process
2768	timeout.exe
2860	timeout.exe
2648	timeout.exe
2656	timeout.exe
2632	timeout.exe
2896	timeout.exe
1600	timeout.exe
2728	timeout.exe
2348	timeout.exe
804	timeout.exe
3048	timeout.exe
2564	timeout.exe
1536	timeout.exe
1668	timeout.exe
1572	timeout.exe
2640	timeout.exe
2504	timeout.exe
2020	timeout.exe
2660	timeout.exe
2772	timeout.exe
2792	timeout.exe
2188	timeout.exe
1724	timeout.exe
2744	timeout.exe
2480	timeout.exe
1928	timeout.exe
2880	timeout.exe
824	timeout.exe
2776	timeout.exe
2684	timeout.exe
1612	timeout.exe
2788	timeout.exe
2900	timeout.exe
2752	timeout.exe
3040	timeout.exe
3060	timeout.exe
2872	timeout.exe
2644	timeout.exe
2760	timeout.exe
1332	timeout.exe
2404	timeout.exe
2816	timeout.exe
2836	timeout.exe
2148	timeout.exe
2716	timeout.exe
1740	timeout.exe
2628	timeout.exe
2004	timeout.exe
2964	timeout.exe
2980	timeout.exe
2612	timeout.exe
536	timeout.exe
1616	timeout.exe
1664	timeout.exe
1672	timeout.exe
1792	timeout.exe
2320	timeout.exe
2800	timeout.exe
792	timeout.exe
2540	timeout.exe
2876	timeout.exe
2856	timeout.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2952	1712	cmd.exe	29
PID 1712 wrote to memory of 2952	1712	cmd.exe	29
PID 1712 wrote to memory of 2952	1712	cmd.exe	29
PID 1712 wrote to memory of 2696	1712	cmd.exe	30
PID 1712 wrote to memory of 2696	1712	cmd.exe	30
PID 1712 wrote to memory of 2696	1712	cmd.exe	30
PID 1712 wrote to memory of 1724	1712	cmd.exe	31
PID 1712 wrote to memory of 1724	1712	cmd.exe	31
PID 1712 wrote to memory of 1724	1712	cmd.exe	31
PID 1712 wrote to memory of 2644	1712	cmd.exe	33
PID 1712 wrote to memory of 2644	1712	cmd.exe	33
PID 1712 wrote to memory of 2644	1712	cmd.exe	33
PID 1712 wrote to memory of 2716	1712	cmd.exe	34
PID 1712 wrote to memory of 2716	1712	cmd.exe	34
PID 1712 wrote to memory of 2716	1712	cmd.exe	34
PID 1712 wrote to memory of 2728	1712	cmd.exe	35
PID 1712 wrote to memory of 2728	1712	cmd.exe	35
PID 1712 wrote to memory of 2728	1712	cmd.exe	35
PID 1712 wrote to memory of 2744	1712	cmd.exe	36
PID 1712 wrote to memory of 2744	1712	cmd.exe	36
PID 1712 wrote to memory of 2744	1712	cmd.exe	36
PID 1712 wrote to memory of 2980	1712	cmd.exe	37
PID 1712 wrote to memory of 2980	1712	cmd.exe	37
PID 1712 wrote to memory of 2980	1712	cmd.exe	37
PID 1712 wrote to memory of 2648	1712	cmd.exe	38
PID 1712 wrote to memory of 2648	1712	cmd.exe	38
PID 1712 wrote to memory of 2648	1712	cmd.exe	38
PID 1712 wrote to memory of 2640	1712	cmd.exe	39
PID 1712 wrote to memory of 2640	1712	cmd.exe	39
PID 1712 wrote to memory of 2640	1712	cmd.exe	39
PID 1712 wrote to memory of 1740	1712	cmd.exe	40
PID 1712 wrote to memory of 1740	1712	cmd.exe	40
PID 1712 wrote to memory of 1740	1712	cmd.exe	40
PID 1712 wrote to memory of 2760	1712	cmd.exe	41
PID 1712 wrote to memory of 2760	1712	cmd.exe	41
PID 1712 wrote to memory of 2760	1712	cmd.exe	41
PID 1712 wrote to memory of 2628	1712	cmd.exe	42
PID 1712 wrote to memory of 2628	1712	cmd.exe	42
PID 1712 wrote to memory of 2628	1712	cmd.exe	42
PID 1712 wrote to memory of 2504	1712	cmd.exe	43
PID 1712 wrote to memory of 2504	1712	cmd.exe	43
PID 1712 wrote to memory of 2504	1712	cmd.exe	43
PID 1712 wrote to memory of 2004	1712	cmd.exe	44
PID 1712 wrote to memory of 2004	1712	cmd.exe	44
PID 1712 wrote to memory of 2004	1712	cmd.exe	44
PID 1712 wrote to memory of 2964	1712	cmd.exe	45
PID 1712 wrote to memory of 2964	1712	cmd.exe	45
PID 1712 wrote to memory of 2964	1712	cmd.exe	45
PID 1712 wrote to memory of 2612	1712	cmd.exe	46
PID 1712 wrote to memory of 2612	1712	cmd.exe	46
PID 1712 wrote to memory of 2612	1712	cmd.exe	46
PID 1712 wrote to memory of 2656	1712	cmd.exe	47
PID 1712 wrote to memory of 2656	1712	cmd.exe	47
PID 1712 wrote to memory of 2656	1712	cmd.exe	47
PID 1712 wrote to memory of 2900	1712	cmd.exe	48
PID 1712 wrote to memory of 2900	1712	cmd.exe	48
PID 1712 wrote to memory of 2900	1712	cmd.exe	48
PID 1712 wrote to memory of 2752	1712	cmd.exe	49
PID 1712 wrote to memory of 2752	1712	cmd.exe	49
PID 1712 wrote to memory of 2752	1712	cmd.exe	49
PID 1712 wrote to memory of 3048	1712	cmd.exe	50
PID 1712 wrote to memory of 3048	1712	cmd.exe	50
PID 1712 wrote to memory of 3048	1712	cmd.exe	50
PID 1712 wrote to memory of 2020	1712	cmd.exe	51

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
2696	attrib.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\link.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\system32\mode.com
  mode con cols=800 lines=100
  2⤵
  PID:2952
- C:\Windows\system32\attrib.exe
  attrib +h C:\Users\Admin\AppData\Local\Temp\link.bat
  2⤵
  - Views/modifies file attributes
  PID:2696
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1724
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2644
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2716
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2728
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2744
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2980
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2648
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2640
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1740
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2760
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2628
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2504
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2004
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2964
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2612
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2656
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2900
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2752
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3048
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2020
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2632
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2660
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2684
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3040
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2540
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2320
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2348
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3060
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2480
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1928
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:824
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1612
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2880
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2896
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2800
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2816
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2792
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2564
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2876
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1672
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2836
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1792
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2148
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:804
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2188
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1332
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2772
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1600
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:792
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:536
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1616
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1668
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1664
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1572
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2404
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1536
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2776
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2788
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2768
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2856
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2860
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...