20441a64d0088854c884b477841c3067b20507540b23e568646b1d36e5cd48af

Analysis

max time kernel
50s
max time network
16s
platform
windows7_x64
resource
win7-20231201-en
resource tags

arch:x64arch:x86image:win7-20231201-enlocale:en-usos:windows7-x64system
submitted
10/12/2023, 20:36

Target

Pankoza-visuals.bat
Size

2KB
MD5

15121a080fda7e3b44ac186cd15685aa
SHA1

5bd1fb05994839ec6a045f53f4b9039a5412a532
SHA256

20441a64d0088854c884b477841c3067b20507540b23e568646b1d36e5cd48af
SHA512

7d6661538e073e0dc695fedd24e4af5ca77f50d11a7812b7b8bede7db4350f1fd1923f2240d8e006bd6a01948d60dc8f13588a577937485314efb8e9819fad15

Score

1^/10

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1664	WMIC.exe
Token: SeSecurityPrivilege	1664	WMIC.exe
Token: SeTakeOwnershipPrivilege	1664	WMIC.exe
Token: SeLoadDriverPrivilege	1664	WMIC.exe
Token: SeSystemProfilePrivilege	1664	WMIC.exe
Token: SeSystemtimePrivilege	1664	WMIC.exe
Token: SeProfSingleProcessPrivilege	1664	WMIC.exe
Token: SeIncBasePriorityPrivilege	1664	WMIC.exe
Token: SeCreatePagefilePrivilege	1664	WMIC.exe
Token: SeBackupPrivilege	1664	WMIC.exe
Token: SeRestorePrivilege	1664	WMIC.exe
Token: SeShutdownPrivilege	1664	WMIC.exe
Token: SeDebugPrivilege	1664	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1664	WMIC.exe
Token: SeRemoteShutdownPrivilege	1664	WMIC.exe
Token: SeUndockPrivilege	1664	WMIC.exe
Token: SeManageVolumePrivilege	1664	WMIC.exe
Token: 33	1664	WMIC.exe
Token: 34	1664	WMIC.exe
Token: 35	1664	WMIC.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 1728	2176	cmd.exe	29
PID 2176 wrote to memory of 1728	2176	cmd.exe	29
PID 2176 wrote to memory of 1728	2176	cmd.exe	29
PID 1728 wrote to memory of 1664	1728	cmd.exe	30
PID 1728 wrote to memory of 1664	1728	cmd.exe	30
PID 1728 wrote to memory of 1664	1728	cmd.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Pankoza-visuals.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic desktopmonitor get screenwidth screenheight /Format:List
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1728
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic desktopmonitor get screenwidth screenheight /Format:List
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1664