eecfb748d248176a1f10065aa663b9dae518169bec30606eb36cd88447279499

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2023 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

correcciom.bat
Size

3KB
MD5

aabb64a01450d4f6fe44b45fd60e1764
SHA1

37f377754b765ee4ea38f01e85d87d179901fb7e
SHA256

eecfb748d248176a1f10065aa663b9dae518169bec30606eb36cd88447279499
SHA512

7129edc0f122c3fadcc637bc710093273dcd0208b93858017cafdeac1bd924ab6fc750e906e8edf46f9f04b937289ef09a34be2ae389bc2202583dcdc37746d6

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1476	WMIC.exe
Token: SeSecurityPrivilege	1476	WMIC.exe
Token: SeTakeOwnershipPrivilege	1476	WMIC.exe
Token: SeLoadDriverPrivilege	1476	WMIC.exe
Token: SeSystemProfilePrivilege	1476	WMIC.exe
Token: SeSystemtimePrivilege	1476	WMIC.exe
Token: SeProfSingleProcessPrivilege	1476	WMIC.exe
Token: SeIncBasePriorityPrivilege	1476	WMIC.exe
Token: SeCreatePagefilePrivilege	1476	WMIC.exe
Token: SeBackupPrivilege	1476	WMIC.exe
Token: SeRestorePrivilege	1476	WMIC.exe
Token: SeShutdownPrivilege	1476	WMIC.exe
Token: SeDebugPrivilege	1476	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1476	WMIC.exe
Token: SeRemoteShutdownPrivilege	1476	WMIC.exe
Token: SeUndockPrivilege	1476	WMIC.exe
Token: SeManageVolumePrivilege	1476	WMIC.exe
Token: 33	1476	WMIC.exe
Token: 34	1476	WMIC.exe
Token: 35	1476	WMIC.exe
Token: 36	1476	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1476	WMIC.exe
Token: SeSecurityPrivilege	1476	WMIC.exe
Token: SeTakeOwnershipPrivilege	1476	WMIC.exe
Token: SeLoadDriverPrivilege	1476	WMIC.exe
Token: SeSystemProfilePrivilege	1476	WMIC.exe
Token: SeSystemtimePrivilege	1476	WMIC.exe
Token: SeProfSingleProcessPrivilege	1476	WMIC.exe
Token: SeIncBasePriorityPrivilege	1476	WMIC.exe
Token: SeCreatePagefilePrivilege	1476	WMIC.exe
Token: SeBackupPrivilege	1476	WMIC.exe
Token: SeRestorePrivilege	1476	WMIC.exe
Token: SeShutdownPrivilege	1476	WMIC.exe
Token: SeDebugPrivilege	1476	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1476	WMIC.exe
Token: SeRemoteShutdownPrivilege	1476	WMIC.exe
Token: SeUndockPrivilege	1476	WMIC.exe
Token: SeManageVolumePrivilege	1476	WMIC.exe
Token: 33	1476	WMIC.exe
Token: 34	1476	WMIC.exe
Token: 35	1476	WMIC.exe
Token: 36	1476	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4296	WMIC.exe
Token: SeSecurityPrivilege	4296	WMIC.exe
Token: SeTakeOwnershipPrivilege	4296	WMIC.exe
Token: SeLoadDriverPrivilege	4296	WMIC.exe
Token: SeSystemProfilePrivilege	4296	WMIC.exe
Token: SeSystemtimePrivilege	4296	WMIC.exe
Token: SeProfSingleProcessPrivilege	4296	WMIC.exe
Token: SeIncBasePriorityPrivilege	4296	WMIC.exe
Token: SeCreatePagefilePrivilege	4296	WMIC.exe
Token: SeBackupPrivilege	4296	WMIC.exe
Token: SeRestorePrivilege	4296	WMIC.exe
Token: SeShutdownPrivilege	4296	WMIC.exe
Token: SeDebugPrivilege	4296	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4296	WMIC.exe
Token: SeRemoteShutdownPrivilege	4296	WMIC.exe
Token: SeUndockPrivilege	4296	WMIC.exe
Token: SeManageVolumePrivilege	4296	WMIC.exe
Token: 33	4296	WMIC.exe
Token: 34	4296	WMIC.exe
Token: 35	4296	WMIC.exe
Token: 36	4296	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4296	WMIC.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 4884	224	cmd.exe	89
PID 224 wrote to memory of 4884	224	cmd.exe	89
PID 4884 wrote to memory of 1476	4884	cmd.exe	90
PID 4884 wrote to memory of 1476	4884	cmd.exe	90
PID 4884 wrote to memory of 1684	4884	cmd.exe	91
PID 4884 wrote to memory of 1684	4884	cmd.exe	91
PID 224 wrote to memory of 4680	224	cmd.exe	93
PID 224 wrote to memory of 4680	224	cmd.exe	93
PID 4680 wrote to memory of 4296	4680	cmd.exe	95
PID 4680 wrote to memory of 4296	4680	cmd.exe	95
PID 4680 wrote to memory of 408	4680	cmd.exe	94
PID 4680 wrote to memory of 408	4680	cmd.exe	94
PID 224 wrote to memory of 1952	224	cmd.exe	98
PID 224 wrote to memory of 1952	224	cmd.exe	98

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\correcciom.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic csproduct get UUID /value | find "="
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4884
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic csproduct get UUID /value
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1476
- - C:\Windows\system32\find.exe
    find "="
    3⤵
    PID:1684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic baseboard get SerialNumber /value | find "="
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4680
- - C:\Windows\system32\find.exe
    find "="
    3⤵
    PID:408
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic baseboard get SerialNumber /value
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4296
- C:\Windows\system32\fc.exe
  fc HWID-1.txt HWID-2.txt
  2⤵
  PID:1952

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\HWID-1.txt

Filesize
45B

MD5
f605c8de60095ddf2c03bc7222fc178f

SHA1
3b8c5283a52984851f53dd6a35b30e614a45aa3d

SHA256
a9f0bd56e2bdce20938b6f0029ab368333faf22094788a854de6a502b6842dfc

SHA512
0cfed4170324e960ce711a849b3d4f838a87465d079b1ee7967c51a746a4fcaafa2b89a150923c9b01b235b1fcfedadad94ca3906b3e266fd5d6432f1a6403ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\HWID-2.TXT

Filesize
36B

MD5
610daa27d26f84799b5f526467cb74ef

SHA1
360883ffc6e3a5058118431414d495930d8445da

SHA256
033df3d2a8d25948d0b2336e1de096ad76aa647a216dedceb9c0ff63921ab9fd

SHA512
0ded5b1760bee0f566c9f8592fe00f7d4c724c1d6c8e768d426a1963ca29e3c517f0912a930f3b013cfb3530334464b5cc8bf51a2a6c1940c02386455e935592

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads