f1a398113ad169cb462ffeb52eaf0e95085bf27e5e7eed458e57dd81953bcd0b

Analysis

max time kernel
117s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 17:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3 - Оптимизация Windows/11 - Rebuild Performance Counters (Запустить от име.cmd
Size

128B
MD5

ce34b00fb9217b954d5423aeddd113a0
SHA1

0567474124488fdf55c2054c5b6d5571cc90f1a8
SHA256

79115bf604bd018c3599082f1820d2ce973b7938c5a7112bde18117f3c408bf4
SHA512

607700a02ac82b07b584ebd3c1e0c919b85ac49e4741b6609fb514dcfc3686760a376b660ccdf67072304d9a5f964a8eb6463bd0cfa19370eb06dedd029f049a

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 24 IoCs

description	ioc	Process
File created	C:\Windows\system32\perfh011.dat	lodctr.exe
File created	C:\Windows\system32\perfc00A.dat	lodctr.exe
File created	C:\Windows\system32\perfh00A.dat	lodctr.exe
File created	C:\Windows\system32\perfc011.dat	lodctr.exe
File created	C:\Windows\system32\perfc007.dat	lodctr.exe
File created	C:\Windows\system32\perfc00C.dat	lodctr.exe
File created	C:\Windows\system32\perfh010.dat	lodctr.exe
File created	C:\Windows\system32\perfc007.dat	lodctr.exe
File created	C:\Windows\system32\perfh007.dat	lodctr.exe
File created	C:\Windows\system32\perfh009.dat	lodctr.exe
File created	C:\Windows\system32\perfc00C.dat	lodctr.exe
File created	C:\Windows\system32\perfh007.dat	lodctr.exe
File created	C:\Windows\system32\perfh009.dat	lodctr.exe
File created	C:\Windows\system32\perfc010.dat	lodctr.exe
File created	C:\Windows\system32\perfh00C.dat	lodctr.exe
File created	C:\Windows\system32\perfc010.dat	lodctr.exe
File created	C:\Windows\system32\perfc009.dat	lodctr.exe
File created	C:\Windows\system32\perfh00C.dat	lodctr.exe
File created	C:\Windows\system32\perfc011.dat	lodctr.exe
File created	C:\Windows\system32\perfh010.dat	lodctr.exe
File created	C:\Windows\system32\perfh011.dat	lodctr.exe
File created	C:\Windows\system32\perfc00A.dat	lodctr.exe
File created	C:\Windows\system32\perfh00A.dat	lodctr.exe
File created	C:\Windows\system32\perfc009.dat	lodctr.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 2812	2680	cmd.exe	30
PID 2680 wrote to memory of 2812	2680	cmd.exe	30
PID 2680 wrote to memory of 2812	2680	cmd.exe	30
PID 2680 wrote to memory of 1800	2680	cmd.exe	31
PID 2680 wrote to memory of 1800	2680	cmd.exe	31
PID 2680 wrote to memory of 1800	2680	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\3 - Оптимизация Windows\11 - Rebuild Performance Counters (Запустить от име.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Windows\system32\lodctr.exe
  lodctr /r
  2⤵
  - Drops file in System32 directory
  PID:2812
- C:\Windows\system32\lodctr.exe
  lodctr /r
  2⤵
  - Drops file in System32 directory
  PID:1800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\perfc007.dat

Filesize
42KB

MD5
8cfa7073b5c98c2acddcd29081b1181b

SHA1
3c3ff75e2cd5f10c9e18824e5ed75d2e8691772b

SHA256
46bddbd027c705128d53409d92b3bcb6af6bfdfb911b75e6d695a43f45939c75

SHA512
469058ca428f5940dbba045be0939e821a46d8e7d759982a1b5288a0e0fe6d237ba878abad017b5dcd225ddb047e2f9b4f41ad5910d803d594edbecdf2904e83

Download Submit
C:\Windows\System32\perfc00A.dat

Filesize
48KB

MD5
ac61727ac492f2bf18f78f9c1ceb274a

SHA1
504950093d36dfa96eb6755745c74639bed9f747

SHA256
7f1e19e7b3bc1a0a8e16368aa094fbac1ffdd6395f6ef55cc0c21eff355e5f8a

SHA512
a8dd452bbe96cf6eedef7c8d620796a39d9dc91b0b2aef4feb5aceae797dde94a59f344d9da788f48c2921d4d364110faef820f1a22dcab2430ade4f321b9887

Download Submit
C:\Windows\System32\perfc00C.dat

Filesize
41KB

MD5
8549a8ea4da88cfe3cd71c4355acaa9f

SHA1
6bb1932c1e08e81381c8e0befcba41459475a171

SHA256
c3213526502465949fcf06d4e81fcec1d17cb87886ecd151a5328a15555f9b3b

SHA512
af8f13272074a75122d81332ef0edb6fc73530c9f9088bb7e0549493b5cc72f93d822d5f25748c806db7292f518afd37e83cdc23070a520f9757fc4e48426ce5

Download Submit
C:\Windows\System32\perfc010.dat

Filesize
44KB

MD5
a62e20505ef504452d4c2c46ce53605d

SHA1
75b627ce2020cb9cb9645cfc6211faae81eadfeb

SHA256
35ca21dea3338075e22d4dbe7291174640a3c46457c912ab77528579d3be6b06

SHA512
1cfd21f1147f4521686d9a58624c50a7a37537dde4ad44ee83e247bad51c7f1807bbb224d395ba575165e1f701fd84cb31a38276f6003cffc624e45cb0c97eb8

Download Submit
C:\Windows\System32\perfc011.dat

Filesize
33KB

MD5
23131f7e2c8a425ff58db48f4c3e37c7

SHA1
b2cc15edccc369cd81653b0832a88e9b7884917d

SHA256
bf759e022606b52648b661da1a29574ed3b2281f65b2d19fb2277259a8c51a76

SHA512
c17ffa782a8504b78c6130d993471304996c2bd2c1958482b3521e003a208e7544862b4bfd78fce29ebaaf433e69cd0f6d83aaf904252844f196e1125393d265

Download Submit
C:\Windows\System32\perfh007.dat

Filesize
309KB

MD5
b1bd571128b1d9f120fec572599f65b7

SHA1
46a633f5cb59cfeecbc65b77d76701393a60547d

SHA256
7521bad65a5393f75fc25b84bd8e3875bedfaea4e26f29cbdb9228725d799218

SHA512
f19d5d098d4123ec8a781e0623ae6084957ba4087c11dfadadec4a063ad6e0882d3434234f54b60486dc8e8e7879494c23940cf764b4edbaa75f99fe636c3034

Download Submit
C:\Windows\System32\perfh009.dat

Filesize
303KB

MD5
fa517bc7ff262ee424dee660fa816715

SHA1
ddf59dc2aa97afd71a14f4fa1c6c3f13d8793e0e

SHA256
ad437512fdd010d20ba8912b6915845da2000adafa62b2817fbc2d1a372b1aef

SHA512
61b6a91d254b5431535a50a656d53f16f12a44997bd49252853c7b05c527873440d36635f6dfb55118aa525210cb5f4ed6dc570cbfea49b8cf10323d034616b3

Download Submit
C:\Windows\System32\perfh00A.dat

Filesize
354KB

MD5
a4149c36b9d5e65068e6cdd01b542d89

SHA1
64462fb9fd5e66bac11d818df5a91ebb16f2477f

SHA256
c8fceb584f4c3ba93a16a681051b706ac7588bde9ec2adcffb63b2047b33907e

SHA512
47ec8e4051117f79845d493e8a9b574c2f1461c0625379ca6a21c417564cfda6b509333d6fed424ad606180ce28d74e07900f30184aeae27d421e60da950bc02

Download Submit
C:\Windows\System32\perfh00C.dat

Filesize
355KB

MD5
1a51a7146c639ae88da89b43018d15d7

SHA1
fbcfeee46f1a60ff5726372ecf93667704f3605a

SHA256
10b789f6c7a45c700c019c862553f51b7b3ca20eabd1688d0744c93c0656bdb2

SHA512
e1c2f23a9f4702f6367bb60b83b6d85fa88b9ca94de8d3dacf0aa3ff584c9feeeb826ba5447bd2a2bff9ba2ce58b8f3643b8430aa617b92377a1c7d8836adb50

Download Submit
C:\Windows\System32\perfh010.dat

Filesize
347KB

MD5
ee8fa5cfc3a2a88de2a43ab06b4f9ca5

SHA1
1399534037e8198fd30dd111a0dbb813e13534b5

SHA256
021fe9b24c6f64fa90d3793959429012673ce2a4b6b3f5bdc5c48ff55c9a5930

SHA512
9139e269260be7f9d871ae9514ef6a36756d94d74b14ad22bc9f2d471a626c1b572fb0147f85d286ddb2b103d3fe5872335e583492f0aae10a786bf69a04ab78

Download Submit
C:\Windows\System32\perfh011.dat

Filesize
154KB

MD5
782187cd914885ed571b3dca1c60c53f

SHA1
a608aada89c4ef3bace57805965e80855bdedce5

SHA256
a74bd71d1c4ce22b988a8ecfbd20fc7f12eda88f1a3a562fbb990f0c31a92ade

SHA512
fa0b4fe4de5daac87e44f5605e4c600c6b884aae060c89bba6c6b237fee9c22b811df7174bf5efa45d50e9f1ae221b70ff771008589c7e1ed9f58d68eee91fb5

Download Submit
C:\Windows\system32\perfc007.dat

Filesize
145KB

MD5
68e1f462eeb3b5574695d03af8bdb795

SHA1
f3354d0149bfecd64e4677aa6a962b533df06998

SHA256
d7d06fbe0f9f70e66d414ea4a179564249a99ef78b0411a084bc04d9976bd0aa

SHA512
59e2b5f492acc5b6808f910954c0a43298f14dd9ddd23a88726df7cef4393b4a8ea2ff11313184a274aa8b171be3f97d47f9e4a10778006da664678452d7f317

Download Submit
C:\Windows\system32\perfc009.dat

Filesize
118KB

MD5
8c339d97c2d81309bad6a764e0916b32

SHA1
c41c8f7f7059b790df3a0d2f2351ba8df58bd7f4

SHA256
f32a49c73e5e8ddc54128f0bf2decdecd7f977e6fe478345c8749ff66a23c39e

SHA512
ebece37752834e2e3c0784f3d446e20e9b4314885a4f7726dd99265e25e588b8c993fd75f0aa7316683552c987dbf53114df31fe3c6e05002256877c2a3a0168

Download Submit
C:\Windows\system32\perfc00A.dat

Filesize
44KB

MD5
dcb672d6decf05da7742caf248835750

SHA1
4d9bb461f8f215b10c826a032155f0cb3e74812a

SHA256
026b438d2734055334738f58616fbae73ad3579ae02d9bbcfc771a6082e73466

SHA512
8f9d19f3dc67046d7f04d6a59132cd6b88b47330bc10c8b94cce2e05b54cb47f3bdee1e8c3ceb459c1ea917c2b77e3b02c8a78e15dc41d2a53553d62b7004598

Download Submit
C:\Windows\system32\perfc00C.dat

Filesize
45KB

MD5
f9ddf8a0783304042660be0276f299cf

SHA1
27d8cb398453892bb43c068558aadc1d5236c150

SHA256
5c004b1e755da0e328f6f7e44a606c0ec786c42de91f483461362032d284e17a

SHA512
48a238301e5c046658a23c82b7d407e7be8f8d572d3ce28254e45c5067d2c3a08b0b7aab9198d922a40e5ab57d35834efc795fbe62e032c38b3f4c68158fd0b9

Download Submit
C:\Windows\system32\perfc010.dat

Filesize
45KB

MD5
66d8c07eeb9d493df2155bbb9a0871a1

SHA1
71d0591ba8fbe5f744720f62b114657ff3f675ba

SHA256
ec115e31077da625607ad0087e32bf2aca28aec65b206d7f9ef5828d2858a64e

SHA512
11e3fd2c04068600dc796b2a1ca17bc8bc898fa458aa1d2466c2077f54462bbe463b873260cf54c81ca00bc71ec18e0319ed0dd5fb9edc74ec87bccfd0b3defc

Download Submit
C:\Windows\system32\perfc011.dat

Filesize
38KB

MD5
ed691696bc542ed05008d75f834366d6

SHA1
93d44e3f61fe9bd0b9e455434385a7033b1d2b4a

SHA256
99d99ee4aeb8e85e6e91fa328943b3ca88c5c5655c52d578c4bc8e313bad46bd

SHA512
fe06281015b8ade4603b98986913ed9c40f943838bdc081602ba71fba1dedc0c6d8737109603609113c96caab53e97a40e89a794ada5b1863fa37537dfa83cd1

Download Submit
C:\Windows\system32\perfh007.dat

Filesize
288KB

MD5
7d57d289c5f93908319dea1080cc111d

SHA1
e603992400cf24d43468030480bda4f91b296a95

SHA256
1d5e48f8879225d8df14109e236c99bfdb3840e4f1a7ddce0e20038bfaf2bcf4

SHA512
88879f2ad89b7ba188bb4206596e730761836d2b2e45255bc4a8a582fa5ef3a835780becac38fd9f8d4ce59c0890f70b8de3de9978028f781401d0be6d743718

Download Submit
C:\Windows\system32\perfh009.dat

Filesize
291KB

MD5
c5c10a72aa1e91d43b2dd78c20650011

SHA1
ab244073e8588792f9f3965818fddfb630c7060a

SHA256
fccb8b99cf88f1fdc4679007420f6bd6a720548755eae6e7aed2ce1a72032df5

SHA512
2501375beb3d6c59aecebbd916b1bca39c923a77d746cb8335eac130aa213388aa9aaffae58e640b61889b66bb94638902803e155c867ddc1f9c9288ad0276a0

Download Submit
C:\Windows\system32\perfh00C.dat

Filesize
357KB

MD5
089cfa235cc3f56e387013da22680845

SHA1
028f6dcc04eb526634c6105354019a2ddb3494d4

SHA256
893761e49ace62c236e2050e075a0be96925a05851cb561723bc31ccd52cf323

SHA512
aaef9efb5ebedf34beec23d0d2c6435f4760904f13c9abbd62f03fe50b9e155fdf3a725daf49a69ce9be237c2f1c90307004a0700b9850f83d54fcda80cb53ae

Download Submit
C:\Windows\system32\perfh010.dat

Filesize
349KB

MD5
0ec66902b0a890a02c26ac840fb42de3

SHA1
595a83cb01f5700c2c0b7c568d29ef16ba9798fe

SHA256
bce6ee6584102efe74b0d154155595fe782daf3d561a3c5ad6c839ee72a45743

SHA512
a261fe70fe8b1ca633d09c9807bb836f668fbde51f64b573f60828c7c46626e9a96d107bbd7f8138bcd8649542b09a83a9ca3ecdb868c4e174696a8e211b6212

Download Submit
C:\Windows\system32\perfh011.dat

Filesize
155KB

MD5
e297b6d1dd9dbbbc1df0118705c4f678

SHA1
6fc3a28b643ad8d21a2753d5ef41b87edb37e25f

SHA256
30ecd05184bf59fb81b2999cd6c561445fc1955673a4b209bf257bb86817ee86

SHA512
c75c992ab4ef9cf662dfb244639dd0ee02770adffad32cd947fddb95762f4dfdadd7817485a11fd2e9cb5e844a7a487af9095ab2abbbb9639e6a370465b519e7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads