9e8b49b26dedeed33cbc3689cd3d51700e92b1605a73658e5cd4e18a10352b8c

Analysis

max time kernel
150s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

link.bat
Size

1KB
MD5

63f054436fb250dab31477ed61f16eb1
SHA1

b6dc7b79e0bd76eca4d5083e8240bfa2ee08c80f
SHA256

9e8b49b26dedeed33cbc3689cd3d51700e92b1605a73658e5cd4e18a10352b8c
SHA512

f3ffd0d640d6537e2a44461ef9c52f32c7bafb2d2fc70975e5112a2b09448803853f7dcb88033ad038c248687fe6feb9b8f35bb57c5f90811d37237c1d56eeff

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 39 IoCs

evasion

pid	Process
2196	timeout.exe
1092	timeout.exe
2268	timeout.exe
2980	timeout.exe
1576	timeout.exe
3788	timeout.exe
1260	timeout.exe
4680	timeout.exe
4976	timeout.exe
1504	timeout.exe
2852	timeout.exe
4324	timeout.exe
1328	timeout.exe
2672	timeout.exe
3916	timeout.exe
4556	timeout.exe
1488	timeout.exe
4316	timeout.exe
1524	timeout.exe
1916	timeout.exe
2076	timeout.exe
4960	timeout.exe
4168	timeout.exe
4360	timeout.exe
4544	timeout.exe
4964	timeout.exe
4384	timeout.exe
932	timeout.exe
2884	timeout.exe
1428	timeout.exe
4916	timeout.exe
4300	timeout.exe
1476	timeout.exe
4924	timeout.exe
4032	timeout.exe
2652	timeout.exe
1716	timeout.exe
3812	timeout.exe
2764	timeout.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 3808	224	cmd.exe	86
PID 224 wrote to memory of 3808	224	cmd.exe	86
PID 224 wrote to memory of 4616	224	cmd.exe	87
PID 224 wrote to memory of 4616	224	cmd.exe	87
PID 224 wrote to memory of 1524	224	cmd.exe	92
PID 224 wrote to memory of 1524	224	cmd.exe	92
PID 224 wrote to memory of 2652	224	cmd.exe	95
PID 224 wrote to memory of 2652	224	cmd.exe	95
PID 224 wrote to memory of 1576	224	cmd.exe	97
PID 224 wrote to memory of 1576	224	cmd.exe	97
PID 224 wrote to memory of 1716	224	cmd.exe	98
PID 224 wrote to memory of 1716	224	cmd.exe	98
PID 224 wrote to memory of 932	224	cmd.exe	99
PID 224 wrote to memory of 932	224	cmd.exe	99
PID 224 wrote to memory of 4360	224	cmd.exe	100
PID 224 wrote to memory of 4360	224	cmd.exe	100
PID 224 wrote to memory of 1504	224	cmd.exe	101
PID 224 wrote to memory of 1504	224	cmd.exe	101
PID 224 wrote to memory of 3788	224	cmd.exe	102
PID 224 wrote to memory of 3788	224	cmd.exe	102
PID 224 wrote to memory of 2884	224	cmd.exe	103
PID 224 wrote to memory of 2884	224	cmd.exe	103
PID 224 wrote to memory of 3812	224	cmd.exe	104
PID 224 wrote to memory of 3812	224	cmd.exe	104
PID 224 wrote to memory of 1916	224	cmd.exe	105
PID 224 wrote to memory of 1916	224	cmd.exe	105
PID 224 wrote to memory of 2852	224	cmd.exe	106
PID 224 wrote to memory of 2852	224	cmd.exe	106
PID 224 wrote to memory of 2076	224	cmd.exe	107
PID 224 wrote to memory of 2076	224	cmd.exe	107
PID 224 wrote to memory of 4960	224	cmd.exe	108
PID 224 wrote to memory of 4960	224	cmd.exe	108
PID 224 wrote to memory of 2764	224	cmd.exe	109
PID 224 wrote to memory of 2764	224	cmd.exe	109
PID 224 wrote to memory of 4300	224	cmd.exe	110
PID 224 wrote to memory of 4300	224	cmd.exe	110
PID 224 wrote to memory of 1488	224	cmd.exe	111
PID 224 wrote to memory of 1488	224	cmd.exe	111
PID 224 wrote to memory of 1260	224	cmd.exe	112
PID 224 wrote to memory of 1260	224	cmd.exe	112
PID 224 wrote to memory of 4680	224	cmd.exe	113
PID 224 wrote to memory of 4680	224	cmd.exe	113
PID 224 wrote to memory of 4316	224	cmd.exe	114
PID 224 wrote to memory of 4316	224	cmd.exe	114
PID 224 wrote to memory of 2196	224	cmd.exe	116
PID 224 wrote to memory of 2196	224	cmd.exe	116
PID 224 wrote to memory of 1092	224	cmd.exe	118
PID 224 wrote to memory of 1092	224	cmd.exe	118
PID 224 wrote to memory of 2268	224	cmd.exe	119
PID 224 wrote to memory of 2268	224	cmd.exe	119
PID 224 wrote to memory of 1328	224	cmd.exe	121
PID 224 wrote to memory of 1328	224	cmd.exe	121
PID 224 wrote to memory of 2980	224	cmd.exe	122
PID 224 wrote to memory of 2980	224	cmd.exe	122
PID 224 wrote to memory of 1428	224	cmd.exe	123
PID 224 wrote to memory of 1428	224	cmd.exe	123
PID 224 wrote to memory of 4916	224	cmd.exe	125
PID 224 wrote to memory of 4916	224	cmd.exe	125
PID 224 wrote to memory of 4544	224	cmd.exe	126
PID 224 wrote to memory of 4544	224	cmd.exe	126
PID 224 wrote to memory of 1476	224	cmd.exe	127
PID 224 wrote to memory of 1476	224	cmd.exe	127
PID 224 wrote to memory of 4924	224	cmd.exe	128
PID 224 wrote to memory of 4924	224	cmd.exe	128

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
4616	attrib.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\link.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:224
- C:\Windows\system32\mode.com
  mode con cols=800 lines=100
  2⤵
  PID:3808
- C:\Windows\system32\attrib.exe
  attrib +h C:\Users\Admin\AppData\Local\Temp\link.bat
  2⤵
  - Views/modifies file attributes
  PID:4616
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1524
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2652
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1576
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1716
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:932
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4360
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1504
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3788
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2884
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3812
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1916
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2852
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2076
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4960
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2764
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4300
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1488
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1260
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4680
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4316
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2196
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1092
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2268
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1328
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2980
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1428
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4916
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4544
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1476
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4924
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3916
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4976
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2672
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4032
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4964
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4384
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4324
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4556
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...