Overview

overview

10

Static

static

10

Akrien pre....0.exe

windows7-x64

6

Akrien pre....0.exe

windows10-2004-x64

6

crack.bat

windows7-x64

7

crack.bat

windows10-2004-x64

1

Resubmissions

18-10-2023 04:03

231018-emn2escd74 10

17-10-2023 07:05

231017-hwnzkabg22 10

Analysis

  • max time kernel
    31s
  • max time network
    38s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-10-2023 04:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    crack.bat

  • Size

    437B

  • MD5

    a51b437fee4aebf29bd74891aeef687d

  • SHA1

    6a84f5d46864397c7f3af462a560c05b98f0bbf1

  • SHA256

    20d19db72bbef98a070a427d0431bc96bb279a8d6ee9c0e12fd548cbf71741a4

  • SHA512

    0bc34e263639e1cafad7be1acb0502e05098c02ac97303478c85bc7765c2f1ea0e4c5ffa6d459107bc9bcff58c432964523cd83936284e89a01fe9393bbd0ad1

Score
1/10

Malware Config

Signatures

  • Kills process with taskkill 12 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\crack.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4768
    • C:\Windows\system32\taskkill.exe
      taskkill /im wscript.exe /f
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:4104
    • C:\Windows\system32\taskkill.exe
      taskkill /im wscript.exe /f
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2404
    • C:\Windows\system32\taskkill.exe
      taskkill /im wscript.exe /f
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:1932
    • C:\Windows\system32\taskkill.exe
      taskkill /im wscript.exe /f
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2196
    • C:\Windows\system32\taskkill.exe
      taskkill /im wscript.exe /f
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:3704
    • C:\Windows\system32\taskkill.exe
      taskkill /im wscript.exe /f
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:3792
    • C:\Windows\system32\taskkill.exe
      taskkill /im wscript.exe /f
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:3408
    • C:\Windows\system32\taskkill.exe
      taskkill /im wscript.exe /f
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2816
    • C:\Windows\system32\taskkill.exe
      taskkill /im wscript.exe /f
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2140
    • C:\Windows\system32\taskkill.exe
      taskkill /im wscript.exe /f
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:1856
    • C:\Windows\system32\taskkill.exe
      taskkill /im wscript.exe /f
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:4260
    • C:\Windows\system32\taskkill.exe
      taskkill /im wscript.exe /f
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:4812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads