7b24e48664a611ba242402e4c8af4e106b0a854ab1309edb7fd986b7fe3a2362

Analysis

max time kernel
72s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

y.bat
Size

855B
MD5

b4613a83781d298f56a80467ef3df872
SHA1

9a8a97e122529f7898fabeff6f4c405fabb3509b
SHA256

7b24e48664a611ba242402e4c8af4e106b0a854ab1309edb7fd986b7fe3a2362
SHA512

6ba4dbce5ec7c69643cae1b618dd75fc46d0bf3a5168a51fff18eacf2e7c5dc2657b4533dad3c0919b2370d63939a5f7e4a5dbc5a28d8b3234ac18210f477993

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 28 IoCs

evasion

pid	Process
3512	timeout.exe
3452	timeout.exe
648	timeout.exe
1492	timeout.exe
1472	timeout.exe
4572	timeout.exe
2492	timeout.exe
400	timeout.exe
3808	timeout.exe
1936	timeout.exe
4856	timeout.exe
4588	timeout.exe
4928	timeout.exe
2904	timeout.exe
60	timeout.exe
1476	timeout.exe
3312	timeout.exe
4568	timeout.exe
4204	timeout.exe
3768	timeout.exe
4264	timeout.exe
2996	timeout.exe
932	timeout.exe
1876	timeout.exe
3448	timeout.exe
2040	timeout.exe
4048	timeout.exe
1596	timeout.exe

Suspicious use of WriteProcessMemory 56 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 4588	216	cmd.exe	88
PID 216 wrote to memory of 4588	216	cmd.exe	88
PID 216 wrote to memory of 2040	216	cmd.exe	89
PID 216 wrote to memory of 2040	216	cmd.exe	89
PID 216 wrote to memory of 4928	216	cmd.exe	92
PID 216 wrote to memory of 4928	216	cmd.exe	92
PID 216 wrote to memory of 4048	216	cmd.exe	95
PID 216 wrote to memory of 4048	216	cmd.exe	95
PID 216 wrote to memory of 2996	216	cmd.exe	99
PID 216 wrote to memory of 2996	216	cmd.exe	99
PID 216 wrote to memory of 648	216	cmd.exe	100
PID 216 wrote to memory of 648	216	cmd.exe	100
PID 216 wrote to memory of 2904	216	cmd.exe	102
PID 216 wrote to memory of 2904	216	cmd.exe	102
PID 216 wrote to memory of 3512	216	cmd.exe	103
PID 216 wrote to memory of 3512	216	cmd.exe	103
PID 216 wrote to memory of 1472	216	cmd.exe	104
PID 216 wrote to memory of 1472	216	cmd.exe	104
PID 216 wrote to memory of 4568	216	cmd.exe	105
PID 216 wrote to memory of 4568	216	cmd.exe	105
PID 216 wrote to memory of 3452	216	cmd.exe	108
PID 216 wrote to memory of 3452	216	cmd.exe	108
PID 216 wrote to memory of 4204	216	cmd.exe	109
PID 216 wrote to memory of 4204	216	cmd.exe	109
PID 216 wrote to memory of 1596	216	cmd.exe	110
PID 216 wrote to memory of 1596	216	cmd.exe	110
PID 216 wrote to memory of 3768	216	cmd.exe	111
PID 216 wrote to memory of 3768	216	cmd.exe	111
PID 216 wrote to memory of 3808	216	cmd.exe	112
PID 216 wrote to memory of 3808	216	cmd.exe	112
PID 216 wrote to memory of 932	216	cmd.exe	113
PID 216 wrote to memory of 932	216	cmd.exe	113
PID 216 wrote to memory of 1936	216	cmd.exe	114
PID 216 wrote to memory of 1936	216	cmd.exe	114
PID 216 wrote to memory of 60	216	cmd.exe	115
PID 216 wrote to memory of 60	216	cmd.exe	115
PID 216 wrote to memory of 4572	216	cmd.exe	116
PID 216 wrote to memory of 4572	216	cmd.exe	116
PID 216 wrote to memory of 4856	216	cmd.exe	117
PID 216 wrote to memory of 4856	216	cmd.exe	117
PID 216 wrote to memory of 1476	216	cmd.exe	118
PID 216 wrote to memory of 1476	216	cmd.exe	118
PID 216 wrote to memory of 3312	216	cmd.exe	119
PID 216 wrote to memory of 3312	216	cmd.exe	119
PID 216 wrote to memory of 1876	216	cmd.exe	120
PID 216 wrote to memory of 1876	216	cmd.exe	120
PID 216 wrote to memory of 3448	216	cmd.exe	121
PID 216 wrote to memory of 3448	216	cmd.exe	121
PID 216 wrote to memory of 2492	216	cmd.exe	122
PID 216 wrote to memory of 2492	216	cmd.exe	122
PID 216 wrote to memory of 4264	216	cmd.exe	123
PID 216 wrote to memory of 4264	216	cmd.exe	123
PID 216 wrote to memory of 1492	216	cmd.exe	125
PID 216 wrote to memory of 1492	216	cmd.exe	125
PID 216 wrote to memory of 400	216	cmd.exe	126
PID 216 wrote to memory of 400	216	cmd.exe	126

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\y.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:216
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4588
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2040
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4928
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4048
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2996
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:648
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2904
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3512
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1472
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4568
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3452
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4204
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1596
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3768
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3808
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:932
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1936
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:60
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4572
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4856
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1476
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3312
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1876
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3448
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2492
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4264
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1492
- C:\Windows\system32\timeout.exe
  timeout /t 1 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:400

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads