3eb2ef4c8a27cf98f7c566d56f28e1145c6cfd38183b5cf386e23de60ed38297

Submit
Reports

Overview

overview

Static

static

Microsoft-...IO.cmd

windows7-x64

Microsoft-...IO.cmd

windows10-2004-x64

Microsoft-...on.cmd

windows7-x64

Microsoft-...on.cmd

windows10-2004-x64

Microsoft-...on.cmd

windows7-x64

Microsoft-...on.cmd

windows10-2004-x64

Microsoft-...t.html

windows7-x64

Microsoft-...t.html

windows10-2004-x64

Microsoft-...at.dll

windows7-x64

Microsoft-...at.dll

windows10-2004-x64

Microsoft-...at.dll

windows7-x64

Microsoft-...at.dll

windows10-2004-x64

Microsoft-...at.cmd

windows7-x64

Microsoft-...at.cmd

windows10-2004-x64

Microsoft-...at.cmd

windows7-x64

Microsoft-...at.cmd

windows10-2004-x64

Microsoft-...on.cmd

windows7-x64

Microsoft-...on.cmd

windows10-2004-x64

Microsoft-...bs.cmd

windows7-x64

Microsoft-...bs.cmd

windows10-2004-x64

Microsoft-...mi.cmd

windows7-x64

Microsoft-...mi.cmd

windows10-2004-x64

Microsoft-...er.cmd

windows7-x64

Microsoft-...er.cmd

windows10-2004-x64

Microsoft-...ot.cmd

windows7-x64

Microsoft-...ot.cmd

windows10-2004-x64

Microsoft-...e.html

windows7-x64

Microsoft-...e.html

windows10-2004-x64

Analysis

max time kernel
121s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2023 08:42

Sharing

Copy URL

Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/All-In-One-Version/MAS_AIO.cmd

Resource

win7-20231020-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/All-In-One-Version/MAS_AIO.cmd

Resource

win10v2004-20231020-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Activators/HWID_Activation.cmd

Resource

win7-20231025-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral4

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Activators/HWID_Activation.cmd

Resource

win10v2004-20231023-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral5

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Activators/KMS38_Activation.cmd

Resource

win7-20231020-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral6

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Activators/KMS38_Activation.cmd

Resource

win10v2004-20231020-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral7

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Activat.html

Resource

win7-20231023-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral8

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Activat.html

Resource

win10v2004-20231020-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral9

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Activat.dll

Resource

win7-20231023-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral10

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Activat.dll

Resource

win10v2004-20231023-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral11

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Activat.dll

Resource

win7-20231023-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Activat.dll

Resource

win10v2004-20231023-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Activat.cmd

Resource

win7-20231020-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral14

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Activat.cmd

Resource

win10v2004-20231025-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral15

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Activat.cmd

Resource

win7-20231020-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Activat.cmd

Resource

win10v2004-20231020-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral17

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Change_Edition.cmd

Resource

win7-20231023-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral18

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Change_Edition.cmd

Resource

win10v2004-20231023-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral19

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Check-Activation-Status-vbs.cmd

Resource

win7-20231025-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral20

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Check-Activation-Status-vbs.cmd

Resource

win10v2004-20231023-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral21

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Check-Activation-Status-wmi.cmd

Resource

win7-20231020-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral22

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Check-Activation-Status-wmi.cmd

Resource

win10v2004-20231023-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral23

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Extract_OEM_Folder.cmd

Resource

win7-20231020-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral24

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Extract_OEM_Folder.cmd

Resource

win10v2004-20231020-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral25

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Troubleshoot.cmd

Resource

win7-20231023-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral26

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Troubleshoot.cmd

Resource

win10v2004-20231023-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral27

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/_ReadMe.html

Resource

win7-20231020-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral28

Sample

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/_ReadMe.html

Resource

win10v2004-20231023-en

windows10-2004-x64

5 signatures

150 seconds

Report Analysis Logs

General

Target

Microsoft-Activation-Scripts-2.2/Microsoft-Activation-Scripts-2.2/MAS/Separate-Files-Version/Activat.dll
Size

9KB
MD5

8ae2553e91fcad5c9fb1b89f9dd803bd
SHA1

246730f83669d3460283c2a71b00c6ad93ebc87b
SHA256

e6ac83560c19ec7eb868c50ea97ea0ed5632a397a9f43c17e24e6de4a694d118
SHA512

2aa075ec134bc9359904b8ca174c3d1b002c87b5e7e50773c86f6b7d3a1654907dac49f906729c90cd1653cf97c32923c89451a0d9543d8a8b3cd66f0bb29251
SSDEEP

192:eRUEV7qv9X/XCXmXUgXjZo0ZfeXCXnyEJ1cNMBye+qTx1G:eR3uvy2EpS8l

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2368	2912	rundll32.exe	86
PID 2912 wrote to memory of 2368	2912	rundll32.exe	86
PID 2912 wrote to memory of 2368	2912	rundll32.exe	86

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Microsoft-Activation-Scripts-2.2\Microsoft-Activation-Scripts-2.2\MAS\Separate-Files-Version\Activat.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Microsoft-Activation-Scripts-2.2\Microsoft-Activation-Scripts-2.2\MAS\Separate-Files-Version\Activat.dll,#1
  2⤵
  PID:2368

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads