0e25a2e9387d76b8eac636694604e6809e494b4d607fe7645175f1bb0d7f9cc3

Analysis

max time kernel
121s
max time network
135s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

close 7.bat
Size

2KB
MD5

75b532067657ee9549a8e8981560f88d
SHA1

788451b691e75c8d366603c0fc86208efebaaa88
SHA256

0e25a2e9387d76b8eac636694604e6809e494b4d607fe7645175f1bb0d7f9cc3
SHA512

0d89586a6fa6eddb744dcc137e04fff6a60d17db7cd9b137e293ebaea98f95fad2e0b69ad9aaa83e0f97492192497d430f96f4c650cd9d63097b7dc6adb79bde

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 62 IoCs

evasion

pid	Process
2004	timeout.exe
1020	timeout.exe
836	timeout.exe
2600	timeout.exe
2504	timeout.exe
2776	timeout.exe
1964	timeout.exe
1996	timeout.exe
680	timeout.exe
780	timeout.exe
808	timeout.exe
2840	timeout.exe
1136	timeout.exe
1072	timeout.exe
584	timeout.exe
3008	timeout.exe
2588	timeout.exe
1968	timeout.exe
2580	timeout.exe
2164	timeout.exe
840	timeout.exe
2444	timeout.exe
768	timeout.exe
1092	timeout.exe
760	timeout.exe
2572	timeout.exe
1492	timeout.exe
1212	timeout.exe
2820	timeout.exe
1820	timeout.exe
592	timeout.exe
640	timeout.exe
2020	timeout.exe
2584	timeout.exe
2764	timeout.exe
1176	timeout.exe
2568	timeout.exe
2644	timeout.exe
2908	timeout.exe
2512	timeout.exe
2552	timeout.exe
2528	timeout.exe
3000	timeout.exe
848	timeout.exe
2836	timeout.exe
2852	timeout.exe
2860	timeout.exe
1660	timeout.exe
2640	timeout.exe
268	timeout.exe
1648	timeout.exe
2768	timeout.exe
3012	timeout.exe
1344	timeout.exe
3004	timeout.exe
544	timeout.exe
764	timeout.exe
2880	timeout.exe
2856	timeout.exe
2256	timeout.exe
1228	timeout.exe
2536	timeout.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 2740	2712	cmd.exe	30
PID 2712 wrote to memory of 2740	2712	cmd.exe	30
PID 2712 wrote to memory of 2740	2712	cmd.exe	30
PID 2712 wrote to memory of 2680	2712	cmd.exe	32
PID 2712 wrote to memory of 2680	2712	cmd.exe	32
PID 2712 wrote to memory of 2680	2712	cmd.exe	32
PID 2712 wrote to memory of 2640	2712	cmd.exe	33
PID 2712 wrote to memory of 2640	2712	cmd.exe	33
PID 2712 wrote to memory of 2640	2712	cmd.exe	33
PID 2712 wrote to memory of 2552	2712	cmd.exe	35
PID 2712 wrote to memory of 2552	2712	cmd.exe	35
PID 2712 wrote to memory of 2552	2712	cmd.exe	35
PID 2712 wrote to memory of 2768	2712	cmd.exe	36
PID 2712 wrote to memory of 2768	2712	cmd.exe	36
PID 2712 wrote to memory of 2768	2712	cmd.exe	36
PID 2712 wrote to memory of 2572	2712	cmd.exe	37
PID 2712 wrote to memory of 2572	2712	cmd.exe	37
PID 2712 wrote to memory of 2572	2712	cmd.exe	37
PID 2712 wrote to memory of 2776	2712	cmd.exe	38
PID 2712 wrote to memory of 2776	2712	cmd.exe	38
PID 2712 wrote to memory of 2776	2712	cmd.exe	38
PID 2712 wrote to memory of 2580	2712	cmd.exe	39
PID 2712 wrote to memory of 2580	2712	cmd.exe	39
PID 2712 wrote to memory of 2580	2712	cmd.exe	39
PID 2712 wrote to memory of 2528	2712	cmd.exe	40
PID 2712 wrote to memory of 2528	2712	cmd.exe	40
PID 2712 wrote to memory of 2528	2712	cmd.exe	40
PID 2712 wrote to memory of 2536	2712	cmd.exe	41
PID 2712 wrote to memory of 2536	2712	cmd.exe	41
PID 2712 wrote to memory of 2536	2712	cmd.exe	41
PID 2712 wrote to memory of 2568	2712	cmd.exe	42
PID 2712 wrote to memory of 2568	2712	cmd.exe	42
PID 2712 wrote to memory of 2568	2712	cmd.exe	42
PID 2712 wrote to memory of 2588	2712	cmd.exe	43
PID 2712 wrote to memory of 2588	2712	cmd.exe	43
PID 2712 wrote to memory of 2588	2712	cmd.exe	43
PID 2712 wrote to memory of 2600	2712	cmd.exe	44
PID 2712 wrote to memory of 2600	2712	cmd.exe	44
PID 2712 wrote to memory of 2600	2712	cmd.exe	44
PID 2712 wrote to memory of 2644	2712	cmd.exe	45
PID 2712 wrote to memory of 2644	2712	cmd.exe	45
PID 2712 wrote to memory of 2644	2712	cmd.exe	45
PID 2712 wrote to memory of 3004	2712	cmd.exe	46
PID 2712 wrote to memory of 3004	2712	cmd.exe	46
PID 2712 wrote to memory of 3004	2712	cmd.exe	46
PID 2712 wrote to memory of 3000	2712	cmd.exe	47
PID 2712 wrote to memory of 3000	2712	cmd.exe	47
PID 2712 wrote to memory of 3000	2712	cmd.exe	47
PID 2712 wrote to memory of 3008	2712	cmd.exe	48
PID 2712 wrote to memory of 3008	2712	cmd.exe	48
PID 2712 wrote to memory of 3008	2712	cmd.exe	48
PID 2712 wrote to memory of 2164	2712	cmd.exe	49
PID 2712 wrote to memory of 2164	2712	cmd.exe	49
PID 2712 wrote to memory of 2164	2712	cmd.exe	49
PID 2712 wrote to memory of 848	2712	cmd.exe	50
PID 2712 wrote to memory of 848	2712	cmd.exe	50
PID 2712 wrote to memory of 848	2712	cmd.exe	50
PID 2712 wrote to memory of 3012	2712	cmd.exe	51
PID 2712 wrote to memory of 3012	2712	cmd.exe	51
PID 2712 wrote to memory of 3012	2712	cmd.exe	51
PID 2712 wrote to memory of 2504	2712	cmd.exe	52
PID 2712 wrote to memory of 2504	2712	cmd.exe	52
PID 2712 wrote to memory of 2504	2712	cmd.exe	52
PID 2712 wrote to memory of 2020	2712	cmd.exe	53

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
2680	attrib.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\close 7.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Windows\system32\mode.com
  mode con cols=100 lines=25
  2⤵
  PID:2740
- C:\Windows\system32\attrib.exe
  attrib +h "C:\Users\Admin\AppData\Local\Temp\close 7.bat"
  2⤵
  - Views/modifies file attributes
  PID:2680
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2640
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2552
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2768
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2572
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2776
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2580
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2528
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2536
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2568
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2588
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2600
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2644
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3004
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3000
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3008
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2164
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:848
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3012
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2504
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2020
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2584
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2836
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2852
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2860
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2820
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2880
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2856
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2764
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2908
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:764
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1820
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2840
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:840
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1964
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1136
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1968
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1660
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2256
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:836
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1020
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1212
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2004
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1996
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1072
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1228
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:544
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1648
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2444
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:268
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:592
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:584
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:680
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:780
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:768
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1176
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1092
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:808
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2512
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:760
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1344
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:640
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads