08a7be0887e79b230ade807b0cd4217b305e7744db096d614b1d512670dcb8b4

Analysis

max time kernel
118s
max time network
136s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

close 5.bat
Size

2KB
MD5

340b825f5e52b5b8f046588880330343
SHA1

d840ba5349de2eea8f1c9a0c3513dc291fdc4917
SHA256

08a7be0887e79b230ade807b0cd4217b305e7744db096d614b1d512670dcb8b4
SHA512

f4601108da3d8c5bbb08d397d9d87220911858109d775d0860be9f57ada6c82595b51bc68f38031ba3147b4b0b19d560965fc7ee246babde665e2d7a0681de4e

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 62 IoCs

evasion

pid	Process
1000	timeout.exe
2112	timeout.exe
2460	timeout.exe
2184	timeout.exe
2876	timeout.exe
1960	timeout.exe
2000	timeout.exe
2424	timeout.exe
620	timeout.exe
1204	timeout.exe
612	timeout.exe
2860	timeout.exe
748	timeout.exe
520	timeout.exe
2732	timeout.exe
2208	timeout.exe
1684	timeout.exe
476	timeout.exe
624	timeout.exe
1932	timeout.exe
2380	timeout.exe
932	timeout.exe
1528	timeout.exe
2848	timeout.exe
780	timeout.exe
2316	timeout.exe
1812	timeout.exe
3060	timeout.exe
656	timeout.exe
1096	timeout.exe
2988	timeout.exe
2016	timeout.exe
1820	timeout.exe
2516	timeout.exe
2748	timeout.exe
1756	timeout.exe
1608	timeout.exe
1816	timeout.exe
1492	timeout.exe
1644	timeout.exe
2900	timeout.exe
2756	timeout.exe
2288	timeout.exe
1996	timeout.exe
864	timeout.exe
2392	timeout.exe
1800	timeout.exe
2452	timeout.exe
2504	timeout.exe
1376	timeout.exe
2768	timeout.exe
1792	timeout.exe
1472	timeout.exe
2416	timeout.exe
2180	timeout.exe
944	timeout.exe
1468	timeout.exe
2484	timeout.exe
1156	timeout.exe
832	timeout.exe
576	timeout.exe
1940	timeout.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2968	1740	cmd.exe	29
PID 1740 wrote to memory of 2968	1740	cmd.exe	29
PID 1740 wrote to memory of 2968	1740	cmd.exe	29
PID 1740 wrote to memory of 2572	1740	cmd.exe	30
PID 1740 wrote to memory of 2572	1740	cmd.exe	30
PID 1740 wrote to memory of 2572	1740	cmd.exe	30
PID 1740 wrote to memory of 2452	1740	cmd.exe	35
PID 1740 wrote to memory of 2452	1740	cmd.exe	35
PID 1740 wrote to memory of 2452	1740	cmd.exe	35
PID 1740 wrote to memory of 2460	1740	cmd.exe	36
PID 1740 wrote to memory of 2460	1740	cmd.exe	36
PID 1740 wrote to memory of 2460	1740	cmd.exe	36
PID 1740 wrote to memory of 2184	1740	cmd.exe	37
PID 1740 wrote to memory of 2184	1740	cmd.exe	37
PID 1740 wrote to memory of 2184	1740	cmd.exe	37
PID 1740 wrote to memory of 2504	1740	cmd.exe	38
PID 1740 wrote to memory of 2504	1740	cmd.exe	38
PID 1740 wrote to memory of 2504	1740	cmd.exe	38
PID 1740 wrote to memory of 2516	1740	cmd.exe	39
PID 1740 wrote to memory of 2516	1740	cmd.exe	39
PID 1740 wrote to memory of 2516	1740	cmd.exe	39
PID 1740 wrote to memory of 2860	1740	cmd.exe	40
PID 1740 wrote to memory of 2860	1740	cmd.exe	40
PID 1740 wrote to memory of 2860	1740	cmd.exe	40
PID 1740 wrote to memory of 2900	1740	cmd.exe	41
PID 1740 wrote to memory of 2900	1740	cmd.exe	41
PID 1740 wrote to memory of 2900	1740	cmd.exe	41
PID 1740 wrote to memory of 2484	1740	cmd.exe	42
PID 1740 wrote to memory of 2484	1740	cmd.exe	42
PID 1740 wrote to memory of 2484	1740	cmd.exe	42
PID 1740 wrote to memory of 3060	1740	cmd.exe	43
PID 1740 wrote to memory of 3060	1740	cmd.exe	43
PID 1740 wrote to memory of 3060	1740	cmd.exe	43
PID 1740 wrote to memory of 2876	1740	cmd.exe	44
PID 1740 wrote to memory of 2876	1740	cmd.exe	44
PID 1740 wrote to memory of 2876	1740	cmd.exe	44
PID 1740 wrote to memory of 1156	1740	cmd.exe	45
PID 1740 wrote to memory of 1156	1740	cmd.exe	45
PID 1740 wrote to memory of 1156	1740	cmd.exe	45
PID 1740 wrote to memory of 2180	1740	cmd.exe	46
PID 1740 wrote to memory of 2180	1740	cmd.exe	46
PID 1740 wrote to memory of 2180	1740	cmd.exe	46
PID 1740 wrote to memory of 656	1740	cmd.exe	47
PID 1740 wrote to memory of 656	1740	cmd.exe	47
PID 1740 wrote to memory of 656	1740	cmd.exe	47
PID 1740 wrote to memory of 476	1740	cmd.exe	48
PID 1740 wrote to memory of 476	1740	cmd.exe	48
PID 1740 wrote to memory of 476	1740	cmd.exe	48
PID 1740 wrote to memory of 2424	1740	cmd.exe	49
PID 1740 wrote to memory of 2424	1740	cmd.exe	49
PID 1740 wrote to memory of 2424	1740	cmd.exe	49
PID 1740 wrote to memory of 932	1740	cmd.exe	50
PID 1740 wrote to memory of 932	1740	cmd.exe	50
PID 1740 wrote to memory of 932	1740	cmd.exe	50
PID 1740 wrote to memory of 748	1740	cmd.exe	51
PID 1740 wrote to memory of 748	1740	cmd.exe	51
PID 1740 wrote to memory of 748	1740	cmd.exe	51
PID 1740 wrote to memory of 1960	1740	cmd.exe	52
PID 1740 wrote to memory of 1960	1740	cmd.exe	52
PID 1740 wrote to memory of 1960	1740	cmd.exe	52
PID 1740 wrote to memory of 520	1740	cmd.exe	53
PID 1740 wrote to memory of 520	1740	cmd.exe	53
PID 1740 wrote to memory of 520	1740	cmd.exe	53
PID 1740 wrote to memory of 832	1740	cmd.exe	54

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
2572	attrib.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\close 5.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Windows\system32\mode.com
  mode con cols=200 lines=25
  2⤵
  PID:2968
- C:\Windows\system32\attrib.exe
  attrib +h "C:\Users\Admin\AppData\Local\Temp\close 5.bat"
  2⤵
  - Views/modifies file attributes
  PID:2572
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2452
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2460
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2184
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2504
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2516
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2860
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2900
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2484
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3060
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2876
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1156
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2180
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:656
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:476
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2424
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:932
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:748
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1960
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:520
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:832
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1000
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1528
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:576
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1096
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:624
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1376
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:620
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2732
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2748
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2768
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2756
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2848
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2112
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2988
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2288
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2016
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1996
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:944
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1472
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2316
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:864
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:780
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1756
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1820
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1608
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1812
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1792
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1204
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1932
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2000
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2208
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1684
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2392
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2380
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1816
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1800
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2416
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1940
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:612
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1468
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1492
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads