0e25a2e9387d76b8eac636694604e6809e494b4d607fe7645175f1bb0d7f9cc3

Analysis

max time kernel
161s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

close 7.bat
Size

2KB
MD5

75b532067657ee9549a8e8981560f88d
SHA1

788451b691e75c8d366603c0fc86208efebaaa88
SHA256

0e25a2e9387d76b8eac636694604e6809e494b4d607fe7645175f1bb0d7f9cc3
SHA512

0d89586a6fa6eddb744dcc137e04fff6a60d17db7cd9b137e293ebaea98f95fad2e0b69ad9aaa83e0f97492192497d430f96f4c650cd9d63097b7dc6adb79bde

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 62 IoCs

evasion

pid	Process
4848	timeout.exe
1680	timeout.exe
3604	timeout.exe
3776	timeout.exe
4316	timeout.exe
2596	timeout.exe
2204	timeout.exe
1012	timeout.exe
4564	timeout.exe
460	timeout.exe
3752	timeout.exe
1296	timeout.exe
2344	timeout.exe
4472	timeout.exe
1936	timeout.exe
4904	timeout.exe
3176	timeout.exe
2248	timeout.exe
4740	timeout.exe
1764	timeout.exe
3420	timeout.exe
2032	timeout.exe
3648	timeout.exe
4712	timeout.exe
4880	timeout.exe
1428	timeout.exe
1256	timeout.exe
4108	timeout.exe
3036	timeout.exe
2476	timeout.exe
5028	timeout.exe
4644	timeout.exe
744	timeout.exe
4160	timeout.exe
1164	timeout.exe
1976	timeout.exe
5008	timeout.exe
4060	timeout.exe
3356	timeout.exe
4860	timeout.exe
4872	timeout.exe
4556	timeout.exe
1620	timeout.exe
4960	timeout.exe
1708	timeout.exe
660	timeout.exe
1808	timeout.exe
3808	timeout.exe
3268	timeout.exe
3248	timeout.exe
4848	timeout.exe
1448	timeout.exe
644	timeout.exe
4856	timeout.exe
5040	timeout.exe
2516	timeout.exe
2336	timeout.exe
4304	timeout.exe
4812	timeout.exe
3484	timeout.exe
2404	timeout.exe
2228	timeout.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 3160	5100	cmd.exe	88
PID 5100 wrote to memory of 3160	5100	cmd.exe	88
PID 5100 wrote to memory of 4804	5100	cmd.exe	89
PID 5100 wrote to memory of 4804	5100	cmd.exe	89
PID 5100 wrote to memory of 3036	5100	cmd.exe	92
PID 5100 wrote to memory of 3036	5100	cmd.exe	92
PID 5100 wrote to memory of 3356	5100	cmd.exe	93
PID 5100 wrote to memory of 3356	5100	cmd.exe	93
PID 5100 wrote to memory of 4812	5100	cmd.exe	94
PID 5100 wrote to memory of 4812	5100	cmd.exe	94
PID 5100 wrote to memory of 4904	5100	cmd.exe	95
PID 5100 wrote to memory of 4904	5100	cmd.exe	95
PID 5100 wrote to memory of 3420	5100	cmd.exe	97
PID 5100 wrote to memory of 3420	5100	cmd.exe	97
PID 5100 wrote to memory of 4848	5100	cmd.exe	98
PID 5100 wrote to memory of 4848	5100	cmd.exe	98
PID 5100 wrote to memory of 660	5100	cmd.exe	99
PID 5100 wrote to memory of 660	5100	cmd.exe	99
PID 5100 wrote to memory of 1164	5100	cmd.exe	100
PID 5100 wrote to memory of 1164	5100	cmd.exe	100
PID 5100 wrote to memory of 1808	5100	cmd.exe	101
PID 5100 wrote to memory of 1808	5100	cmd.exe	101
PID 5100 wrote to memory of 1976	5100	cmd.exe	102
PID 5100 wrote to memory of 1976	5100	cmd.exe	102
PID 5100 wrote to memory of 4860	5100	cmd.exe	103
PID 5100 wrote to memory of 4860	5100	cmd.exe	103
PID 5100 wrote to memory of 2204	5100	cmd.exe	104
PID 5100 wrote to memory of 2204	5100	cmd.exe	104
PID 5100 wrote to memory of 3176	5100	cmd.exe	105
PID 5100 wrote to memory of 3176	5100	cmd.exe	105
PID 5100 wrote to memory of 2344	5100	cmd.exe	106
PID 5100 wrote to memory of 2344	5100	cmd.exe	106
PID 5100 wrote to memory of 1620	5100	cmd.exe	107
PID 5100 wrote to memory of 1620	5100	cmd.exe	107
PID 5100 wrote to memory of 1012	5100	cmd.exe	108
PID 5100 wrote to memory of 1012	5100	cmd.exe	108
PID 5100 wrote to memory of 4856	5100	cmd.exe	109
PID 5100 wrote to memory of 4856	5100	cmd.exe	109
PID 5100 wrote to memory of 2248	5100	cmd.exe	112
PID 5100 wrote to memory of 2248	5100	cmd.exe	112
PID 5100 wrote to memory of 4564	5100	cmd.exe	113
PID 5100 wrote to memory of 4564	5100	cmd.exe	113
PID 5100 wrote to memory of 5040	5100	cmd.exe	114
PID 5100 wrote to memory of 5040	5100	cmd.exe	114
PID 5100 wrote to memory of 744	5100	cmd.exe	115
PID 5100 wrote to memory of 744	5100	cmd.exe	115
PID 5100 wrote to memory of 4872	5100	cmd.exe	116
PID 5100 wrote to memory of 4872	5100	cmd.exe	116
PID 5100 wrote to memory of 4472	5100	cmd.exe	117
PID 5100 wrote to memory of 4472	5100	cmd.exe	117
PID 5100 wrote to memory of 1936	5100	cmd.exe	118
PID 5100 wrote to memory of 1936	5100	cmd.exe	118
PID 5100 wrote to memory of 2476	5100	cmd.exe	119
PID 5100 wrote to memory of 2476	5100	cmd.exe	119
PID 5100 wrote to memory of 1448	5100	cmd.exe	121
PID 5100 wrote to memory of 1448	5100	cmd.exe	121
PID 5100 wrote to memory of 3808	5100	cmd.exe	122
PID 5100 wrote to memory of 3808	5100	cmd.exe	122
PID 5100 wrote to memory of 4712	5100	cmd.exe	123
PID 5100 wrote to memory of 4712	5100	cmd.exe	123
PID 5100 wrote to memory of 4960	5100	cmd.exe	124
PID 5100 wrote to memory of 4960	5100	cmd.exe	124
PID 5100 wrote to memory of 4740	5100	cmd.exe	125
PID 5100 wrote to memory of 4740	5100	cmd.exe	125

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
4804	attrib.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\close 7.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:5100
- C:\Windows\system32\mode.com
  mode con cols=100 lines=25
  2⤵
  PID:3160
- C:\Windows\system32\attrib.exe
  attrib +h "C:\Users\Admin\AppData\Local\Temp\close 7.bat"
  2⤵
  - Views/modifies file attributes
  PID:4804
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3036
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3356
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4812
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4904
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3420
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4848
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:660
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1164
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1808
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1976
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4860
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2204
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3176
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2344
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1620
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1012
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4856
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2248
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4564
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:5040
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:744
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4872
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4472
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1936
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2476
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1448
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3808
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4712
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4960
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4740
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3484
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4556
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:5008
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2516
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3248
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:5028
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:460
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4060
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2404
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1680
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2336
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3752
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3776
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3604
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1708
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3268
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4880
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4316
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1428
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2228
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4644
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4304
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4160
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1256
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4848
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:644
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2032
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4108
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3648
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2596
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1764
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...