fec5ba65b1fa4cf7340d739154d7491efad7eec14b4cb776db8e73e63262f54a

Analysis

max time kernel
288s
max time network
319s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2.bat
Size

331B
MD5

97eeff24bf4a57d558590060fb6d932e
SHA1

b5f1689c75e3c54e1b7b8f939b98d07b6972cd65
SHA256

fec5ba65b1fa4cf7340d739154d7491efad7eec14b4cb776db8e73e63262f54a
SHA512

1ee6cd74d7cd7e28f15f4e1474e6c2966f5a0b9028b73d5c01abb6ff852c6d65016b24df5c2b1e1e0db5796c17d88025251337c41760af66ffd44b917b5ff952

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 2660	2796	cmd.exe	28
PID 2796 wrote to memory of 2660	2796	cmd.exe	28
PID 2796 wrote to memory of 2660	2796	cmd.exe	28
PID 2660 wrote to memory of 2496	2660	cmd.exe	30
PID 2660 wrote to memory of 2496	2660	cmd.exe	30
PID 2660 wrote to memory of 2496	2660	cmd.exe	30
PID 2496 wrote to memory of 2556	2496	cmd.exe	32
PID 2496 wrote to memory of 2556	2496	cmd.exe	32
PID 2496 wrote to memory of 2556	2496	cmd.exe	32
PID 2556 wrote to memory of 3008	2556	cmd.exe	34
PID 2556 wrote to memory of 3008	2556	cmd.exe	34
PID 2556 wrote to memory of 3008	2556	cmd.exe	34
PID 3008 wrote to memory of 2448	3008	cmd.exe	36
PID 3008 wrote to memory of 2448	3008	cmd.exe	36
PID 3008 wrote to memory of 2448	3008	cmd.exe	36
PID 2448 wrote to memory of 2036	2448	cmd.exe	38
PID 2448 wrote to memory of 2036	2448	cmd.exe	38
PID 2448 wrote to memory of 2036	2448	cmd.exe	38
PID 2036 wrote to memory of 2844	2036	cmd.exe	40
PID 2036 wrote to memory of 2844	2036	cmd.exe	40
PID 2036 wrote to memory of 2844	2036	cmd.exe	40
PID 2844 wrote to memory of 2860	2844	cmd.exe	43
PID 2844 wrote to memory of 2860	2844	cmd.exe	43
PID 2844 wrote to memory of 2860	2844	cmd.exe	43
PID 2860 wrote to memory of 2892	2860	cmd.exe	44
PID 2860 wrote to memory of 2892	2860	cmd.exe	44
PID 2860 wrote to memory of 2892	2860	cmd.exe	44
PID 2892 wrote to memory of 1972	2892	cmd.exe	46
PID 2892 wrote to memory of 1972	2892	cmd.exe	46
PID 2892 wrote to memory of 1972	2892	cmd.exe	46
PID 1972 wrote to memory of 2532	1972	cmd.exe	48
PID 1972 wrote to memory of 2532	1972	cmd.exe	48
PID 1972 wrote to memory of 2532	1972	cmd.exe	48
PID 2532 wrote to memory of 2116	2532	cmd.exe	50
PID 2532 wrote to memory of 2116	2532	cmd.exe	50
PID 2532 wrote to memory of 2116	2532	cmd.exe	50
PID 2116 wrote to memory of 2668	2116	cmd.exe	52
PID 2116 wrote to memory of 2668	2116	cmd.exe	52
PID 2116 wrote to memory of 2668	2116	cmd.exe	52
PID 2668 wrote to memory of 2388	2668	cmd.exe	54
PID 2668 wrote to memory of 2388	2668	cmd.exe	54
PID 2668 wrote to memory of 2388	2668	cmd.exe	54
PID 2388 wrote to memory of 820	2388	cmd.exe	56
PID 2388 wrote to memory of 820	2388	cmd.exe	56
PID 2388 wrote to memory of 820	2388	cmd.exe	56
PID 820 wrote to memory of 372	820	cmd.exe	58
PID 820 wrote to memory of 372	820	cmd.exe	58
PID 820 wrote to memory of 372	820	cmd.exe	58
PID 372 wrote to memory of 476	372	cmd.exe	61
PID 372 wrote to memory of 476	372	cmd.exe	61
PID 372 wrote to memory of 476	372	cmd.exe	61
PID 476 wrote to memory of 2708	476	cmd.exe	62
PID 476 wrote to memory of 2708	476	cmd.exe	62
PID 476 wrote to memory of 2708	476	cmd.exe	62
PID 2708 wrote to memory of 1496	2708	cmd.exe	64
PID 2708 wrote to memory of 1496	2708	cmd.exe	64
PID 2708 wrote to memory of 1496	2708	cmd.exe	64
PID 1496 wrote to memory of 904	1496	cmd.exe	66
PID 1496 wrote to memory of 904	1496	cmd.exe	66
PID 1496 wrote to memory of 904	1496	cmd.exe	66
PID 904 wrote to memory of 1652	904	cmd.exe	68
PID 904 wrote to memory of 1652	904	cmd.exe	68
PID 904 wrote to memory of 1652	904	cmd.exe	68
PID 1652 wrote to memory of 108	1652	cmd.exe	70

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K 2
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K 2
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2496
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K 2
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2556
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3008
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:2448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:2036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:2844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:2860
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:2892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:1972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:2532
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        13⤵
        Suspicious use of WriteProcessMemory
        
        PID:2116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:2668
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        15⤵
        Suspicious use of WriteProcessMemory
        
        PID:2388
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:820
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        17⤵
        Suspicious use of WriteProcessMemory
        
        PID:372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        19⤵
        Suspicious use of WriteProcessMemory
        
        PID:2708
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:1496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        21⤵
        Suspicious use of WriteProcessMemory
        
        PID:904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:1652
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        23⤵
        
        PID:108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        24⤵
        
        PID:2356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        25⤵
        
        PID:1572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        26⤵
        
        PID:2400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        27⤵
        
        PID:2960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        28⤵
        
        PID:2140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        29⤵
        
        PID:1244
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        30⤵
        
        PID:1860
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        31⤵
        
        PID:788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        32⤵
        
        PID:1564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        33⤵
        
        PID:844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        34⤵
        
        PID:2468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        35⤵
        
        PID:2396
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        36⤵
        
        PID:1760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        37⤵
        
        PID:2216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        38⤵
        
        PID:2264
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        39⤵
        
        PID:1004
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        40⤵
        
        PID:2604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        41⤵
        
        PID:1492
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        42⤵
        
        PID:1540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        43⤵
        
        PID:2244
        
        C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        41⤵
        
        PID:3128
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        41⤵
        
        PID:3120
        
        C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        39⤵
        
        PID:3488
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        39⤵
        
        PID:3480
        
        C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        35⤵
        
        PID:1292
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        35⤵
        
        PID:2424
        
        C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        34⤵
        
        PID:1188
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        34⤵
        
        PID:2692
        
        C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        33⤵
        
        PID:2348
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        33⤵
        
        PID:840
        
        C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        31⤵
        
        PID:1616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        31⤵
        
        PID:1608
        
        C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        29⤵
        
        PID:2780
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        29⤵
        
        PID:2656
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        27⤵
        
        PID:1908
        
        C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        27⤵
        
        PID:2344
        
        C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        25⤵
        
        PID:2272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        25⤵
        
        PID:2576
        
        C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        17⤵
        
        PID:2252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        17⤵
        
        PID:2240
        
        C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        14⤵
        
        PID:2748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        14⤵
        
        PID:400
        
        C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        11⤵
        
        PID:1948
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        11⤵
        
        PID:2248
        
        C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        10⤵
        
        PID:2924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        10⤵
        
        PID:1444
        
        C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        8⤵
        
        PID:932
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        8⤵
        
        PID:944
    - - C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        5⤵
        
        PID:1924
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        5⤵
        
        PID:1372
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
  2⤵
  PID:2224
- C:\Windows\system32\shutdown.exe
  SHUTDOWN -r -t 10
  2⤵
  PID:2620

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K 2
1⤵
PID:3240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K 2
  2⤵
  PID:3520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K 2
    3⤵
    PID:3604
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K 2
      4⤵
      PID:3872
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        5⤵
        
        PID:4048
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        6⤵
        
        PID:1820
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        7⤵
        
        PID:2260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        8⤵
        
        PID:3568
        
        C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        9⤵
        
        PID:3212
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        9⤵
        
        PID:1292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        9⤵
        
        PID:3612
        
        C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        8⤵
        
        PID:4044
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        8⤵
        
        PID:4012
        
        C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        7⤵
        
        PID:3528
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        7⤵
        
        PID:3724
      - C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        6⤵
        
        PID:1816
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        6⤵
        
        PID:2748
    - - C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        5⤵
        
        PID:2920
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        5⤵
        
        PID:2976
  - - C:\Windows\system32\shutdown.exe
      SHUTDOWN -r -t 10
      4⤵
      PID:4028
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
      4⤵
      PID:4020
- - C:\Windows\system32\shutdown.exe
    SHUTDOWN -r -t 10
    3⤵
    PID:3848
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
    3⤵
    PID:3840
- C:\Windows\system32\shutdown.exe
  SHUTDOWN -r -t 10
  2⤵
  PID:3712
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
  2⤵
  PID:3704

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K 2
1⤵
PID:4028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K 2
  2⤵
  PID:3156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K 2
    3⤵
    PID:3716
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K 2
      4⤵
      PID:2252
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        5⤵
        
        PID:3696
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        6⤵
        
        PID:1216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        7⤵
        
        PID:1000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        8⤵
        
        PID:2648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        9⤵
        
        PID:3980
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        10⤵
        
        PID:3952
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        11⤵
        
        PID:2736
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        12⤵
        
        PID:4252
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K 2
        13⤵
        
        PID:4360
        
        C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        7⤵
        
        PID:4620
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        7⤵
        
        PID:4612
      - C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        6⤵
        
        PID:4128
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        6⤵
        
        PID:4120
    - - C:\Windows\system32\shutdown.exe
        
        SHUTDOWN -r -t 10
        5⤵
        
        PID:3736
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
        5⤵
        
        PID:2344
  - - C:\Windows\system32\shutdown.exe
      SHUTDOWN -r -t 10
      4⤵
      PID:4092
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
      4⤵
      PID:3880
- - C:\Windows\system32\shutdown.exe
    SHUTDOWN -r -t 10
    3⤵
    PID:3508
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
    3⤵
    PID:3212
- C:\Windows\system32\shutdown.exe
  SHUTDOWN -r -t 10
  2⤵
  PID:4060
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
  2⤵
  PID:4000

C:\Windows\system32\shutdown.exe
SHUTDOWN -r -t 10
1⤵
PID:3684

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.org/
1⤵
PID:3664

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:3932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3932-951-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads