4c8fcb6b003e83bedbaf64fb1e243fd1fbe246c46021b7825603e0be88f9f6a8 | Triage

Analysis

max time kernel
89s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 21:54

Sharing

Report Analysis Logs

General

Target

New folder (2)/booty.bat
Size

261B
MD5

e375b373066a17e6088c7ed7bc4d4cae
SHA1

8d6266a672a19ba55d67282175c10d7a4b954fab
SHA256

e3a79eb1c51e9500c1b502e83f04c0a7494cae836a2302d6898bbb93d6a2bd0b
SHA512

5b7aa307815d8877f654b922cf5321215c9cd2e0ef5313a5187d5b6c5fae5715757bd375718e05b1bc6192131c6b91c5c4c1c2e9d40395c32b57d5764398e73a

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 1 IoCs

pid	Process
3664	timeout.exe

Kills process with taskkill 1 IoCs

pid	Process
4496	taskkill.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4496	taskkill.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 3664	224	cmd.exe	100
PID 224 wrote to memory of 3664	224	cmd.exe	100
PID 224 wrote to memory of 4496	224	cmd.exe	101
PID 224 wrote to memory of 4496	224	cmd.exe	101

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\New folder (2)\booty.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:224
- C:\Windows\system32\timeout.exe
  timeout 0
  2⤵
  - Delays execution with timeout.exe
  PID:3664
- C:\Windows\system32\taskkill.exe
  taskkill.exe /f /im svchost.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads