ac69ad3250ad752e84c8159f98e9d8d588d96f5f96a777d5223e8be812df0664

Resubmissions

18-10-2023 04:03

231018-emn2escd74 10

17-10-2023 07:05

231017-hwnzkabg22 10

Analysis

max time kernel
440s
max time network
446s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
17-10-2023 07:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

crack.bat
Size

437B
MD5

a51b437fee4aebf29bd74891aeef687d
SHA1

6a84f5d46864397c7f3af462a560c05b98f0bbf1
SHA256

20d19db72bbef98a070a427d0431bc96bb279a8d6ee9c0e12fd548cbf71741a4
SHA512

0bc34e263639e1cafad7be1acb0502e05098c02ac97303478c85bc7765c2f1ea0e4c5ffa6d459107bc9bcff58c432964523cd83936284e89a01fe9393bbd0ad1

Score

1^/10

Malware Config

Signatures

Kills process with taskkill 12 IoCs

evasion

pid	Process
1232	taskkill.exe
2196	taskkill.exe
756	taskkill.exe
4404	taskkill.exe
4808	taskkill.exe
404	taskkill.exe
5084	taskkill.exe
1456	taskkill.exe
4692	taskkill.exe
2096	taskkill.exe
3452	taskkill.exe
4364	taskkill.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	1456	taskkill.exe
Token: SeDebugPrivilege	756	taskkill.exe
Token: SeDebugPrivilege	4404	taskkill.exe
Token: SeDebugPrivilege	4808	taskkill.exe
Token: SeDebugPrivilege	4692	taskkill.exe
Token: SeDebugPrivilege	404	taskkill.exe
Token: SeDebugPrivilege	2096	taskkill.exe
Token: SeDebugPrivilege	3452	taskkill.exe
Token: SeDebugPrivilege	4364	taskkill.exe
Token: SeDebugPrivilege	5084	taskkill.exe
Token: SeDebugPrivilege	1232	taskkill.exe
Token: SeDebugPrivilege	2196	taskkill.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 728 wrote to memory of 1456	728	cmd.exe	82
PID 728 wrote to memory of 1456	728	cmd.exe	82
PID 728 wrote to memory of 756	728	cmd.exe	85
PID 728 wrote to memory of 756	728	cmd.exe	85
PID 728 wrote to memory of 4404	728	cmd.exe	86
PID 728 wrote to memory of 4404	728	cmd.exe	86
PID 728 wrote to memory of 4808	728	cmd.exe	87
PID 728 wrote to memory of 4808	728	cmd.exe	87
PID 728 wrote to memory of 4692	728	cmd.exe	88
PID 728 wrote to memory of 4692	728	cmd.exe	88
PID 728 wrote to memory of 404	728	cmd.exe	89
PID 728 wrote to memory of 404	728	cmd.exe	89
PID 728 wrote to memory of 2096	728	cmd.exe	90
PID 728 wrote to memory of 2096	728	cmd.exe	90
PID 728 wrote to memory of 3452	728	cmd.exe	91
PID 728 wrote to memory of 3452	728	cmd.exe	91
PID 728 wrote to memory of 4364	728	cmd.exe	92
PID 728 wrote to memory of 4364	728	cmd.exe	92
PID 728 wrote to memory of 5084	728	cmd.exe	93
PID 728 wrote to memory of 5084	728	cmd.exe	93
PID 728 wrote to memory of 1232	728	cmd.exe	94
PID 728 wrote to memory of 1232	728	cmd.exe	94
PID 728 wrote to memory of 2196	728	cmd.exe	95
PID 728 wrote to memory of 2196	728	cmd.exe	95

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\crack.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:728
- C:\Windows\system32\taskkill.exe
  taskkill /im wscript.exe /f
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1456
- C:\Windows\system32\taskkill.exe
  taskkill /im wscript.exe /f
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:756
- C:\Windows\system32\taskkill.exe
  taskkill /im wscript.exe /f
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4404
- C:\Windows\system32\taskkill.exe
  taskkill /im wscript.exe /f
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4808
- C:\Windows\system32\taskkill.exe
  taskkill /im wscript.exe /f
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4692
- C:\Windows\system32\taskkill.exe
  taskkill /im wscript.exe /f
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:404
- C:\Windows\system32\taskkill.exe
  taskkill /im wscript.exe /f
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2096
- C:\Windows\system32\taskkill.exe
  taskkill /im wscript.exe /f
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3452
- C:\Windows\system32\taskkill.exe
  taskkill /im wscript.exe /f
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4364
- C:\Windows\system32\taskkill.exe
  taskkill /im wscript.exe /f
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:5084
- C:\Windows\system32\taskkill.exe
  taskkill /im wscript.exe /f
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1232
- C:\Windows\system32\taskkill.exe
  taskkill /im wscript.exe /f
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2196

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads