f1a398113ad169cb462ffeb52eaf0e95085bf27e5e7eed458e57dd81953bcd0b

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 17:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3 - Оптимизация Windows/11 - Rebuild Performance Counters (Запустить от име.cmd
Size

128B
MD5

ce34b00fb9217b954d5423aeddd113a0
SHA1

0567474124488fdf55c2054c5b6d5571cc90f1a8
SHA256

79115bf604bd018c3599082f1820d2ce973b7938c5a7112bde18117f3c408bf4
SHA512

607700a02ac82b07b584ebd3c1e0c919b85ac49e4741b6609fb514dcfc3686760a376b660ccdf67072304d9a5f964a8eb6463bd0cfa19370eb06dedd029f049a

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 24 IoCs

description	ioc	Process
File created	C:\Windows\system32\perfh011.dat	lodctr.exe
File created	C:\Windows\system32\perfc00A.dat	lodctr.exe
File created	C:\Windows\system32\perfc007.dat	lodctr.exe
File created	C:\Windows\system32\perfh009.dat	lodctr.exe
File created	C:\Windows\system32\perfc00A.dat	lodctr.exe
File created	C:\Windows\system32\perfh00A.dat	lodctr.exe
File created	C:\Windows\system32\perfc011.dat	lodctr.exe
File created	C:\Windows\system32\perfc010.dat	lodctr.exe
File created	C:\Windows\system32\perfc007.dat	lodctr.exe
File created	C:\Windows\system32\perfh007.dat	lodctr.exe
File created	C:\Windows\system32\perfc00C.dat	lodctr.exe
File created	C:\Windows\system32\perfh010.dat	lodctr.exe
File created	C:\Windows\system32\perfc009.dat	lodctr.exe
File created	C:\Windows\system32\perfc00C.dat	lodctr.exe
File created	C:\Windows\system32\perfh010.dat	lodctr.exe
File created	C:\Windows\system32\perfc009.dat	lodctr.exe
File created	C:\Windows\system32\perfh00A.dat	lodctr.exe
File created	C:\Windows\system32\perfc011.dat	lodctr.exe
File created	C:\Windows\system32\perfh011.dat	lodctr.exe
File created	C:\Windows\system32\perfh007.dat	lodctr.exe
File created	C:\Windows\system32\perfh00C.dat	lodctr.exe
File created	C:\Windows\system32\perfh009.dat	lodctr.exe
File created	C:\Windows\system32\perfh00C.dat	lodctr.exe
File created	C:\Windows\system32\perfc010.dat	lodctr.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 2356	5032	cmd.exe	90
PID 5032 wrote to memory of 2356	5032	cmd.exe	90
PID 5032 wrote to memory of 1092	5032	cmd.exe	93
PID 5032 wrote to memory of 1092	5032	cmd.exe	93

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\3 - Оптимизация Windows\11 - Rebuild Performance Counters (Запустить от име.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Windows\system32\lodctr.exe
  lodctr /r
  2⤵
  - Drops file in System32 directory
  PID:2356
- C:\Windows\system32\lodctr.exe
  lodctr /r
  2⤵
  - Drops file in System32 directory
  PID:1092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\perfc007.dat

Filesize
44KB

MD5
4310cecf3a73920ecaa4d6414ab07f68

SHA1
1694d9ac571d38a1e3e590ecfa85ca7428770be2

SHA256
869bb41741bd8d256c97ddd08833ec24f6b3a2f5c45c99fae161b46377d3b99c

SHA512
a120f7ef2118118e0255e6867204829766676e255631b69035f63fc640d48a8482b3e4f338ff9d4211dc25858d0f319bf28eb37f3c4d46788f35858b35a72371

Download Submit
C:\Windows\System32\perfc00A.dat

Filesize
47KB

MD5
31a5fcb3c593f1a47bb386dd50b4ee7f

SHA1
d6c3b21a030104c62c44e329a0f7f0c0544c5727

SHA256
701a06fe6f778769163a103493bcca29bed41ed9935d430a89404a9a9e9dddcf

SHA512
86ac70a4085e0b197f295131034c38b9bf64ce826cca4346a08a7ce1fc5ab0d64826055cddaf66f75e397b17ccfc68d48ec0a2d9da28fbf9dc103955192a022a

Download Submit
C:\Windows\System32\perfc00C.dat

Filesize
43KB

MD5
8b4b53cf469919a32481ce37bcce203a

SHA1
58ee96630adf29e79771bfc39a400a486b4efbb0

SHA256
a7b3a2b6c67e98cf2b13684c8774113c4ed4f60cd6fc673d4c9dcb360c60ce42

SHA512
62217e68c9e4c7b077e127040318c603e2f2cbcc5517ce0cfc6189e43023f8d8a05b8e694b2a35d4b409241136a1067749b7b6e2049d6910246d8c0fa6e9e575

Download Submit
C:\Windows\System32\perfc011.dat

Filesize
32KB

MD5
50681b748a019d0096b5df4ebe1eab74

SHA1
0fa741b445f16f05a1984813c7b07cc66097e180

SHA256
33295c7ee1b56a41e809432bc25dd745ba55b2dc91bfa97aa1f55156880cd71a

SHA512
568439b3547dcbcce28499d45663fdd0e2222f6c5c90053769ce2585f65721f679c071393328bde72c9a3f03da4c17abb84b8303897688b59598887ceb31438e

Download Submit
C:\Windows\System32\perfh007.dat

Filesize
322KB

MD5
8e549f070ac8bb646d0c34569ad6d880

SHA1
2a9bd2f7378ef5e85831cf590d9d735e9645f49e

SHA256
b08ebaa7d8ba93702ba84a59f41c0faed94273203d353c4f3cad31530d1b3751

SHA512
10c3a012dc64fdcb5bb0d8fe03aa771b936e78092de33e029658ad18e8c4771cddb84e6057b79bf8e6e90a8f3972f4bb1cad16f3cc96c13527289f3477f5fbd5

Download Submit
C:\Windows\System32\perfh009.dat

Filesize
310KB

MD5
1ad05e460c6fbb5f7b96e059a4ab6cef

SHA1
1c3e4e455fa0630aaa78a1d19537d5ff787960cf

SHA256
0ae16c72ca5301b0f817e69a4bac29157369ecfbadc6c13a5a37db5901238c71

SHA512
c608aa10b547003b25ff63bb1999a5fff0256aadd8b005fdd26569a9828d3591129a0f21c11ec8e5d5f390b11c49f2ef8a6e36375c9e13d547415e0ec97a398f

Download Submit
C:\Windows\System32\perfh00A.dat

Filesize
360KB

MD5
1402add2a611322eb6f624705c8a9a4e

SHA1
d08b0b5e602d4587e534cf5e9c3d04c549a5aa47

SHA256
0ac43c8e77edb2c1468420653fc5d505b26cdc4da06c4121ce4bbecae561e6cb

SHA512
177d5ea7e77eee154042b5e064db67a5cac9435890a2ff65cd98da21433f4e7de743e9df22ac0ac61be89fc0be8655b46454ed4a930d13fc7c1dfebe5896781f

Download Submit
C:\Windows\System32\perfh00C.dat

Filesize
363KB

MD5
d0a8d13996333367f0e1721ca8658e00

SHA1
f48f432c5a0d3c425961e6ed6291ddb0f4b5a116

SHA256
68a7924621a0fbc13d0ea151617d13732a991cef944aae67d44fc030740a82e9

SHA512
8a68c62b5fc983975d010ae6504a1cbfdf34d5656e3277d9a09eb92929e201e27ca7bd2030740c8240a4afd56af57c223b4fd6de193bedf84ac7238777310de4

Download Submit
C:\Windows\System32\perfh010.dat

Filesize
353KB

MD5
a5389200f9bbc7be1276d74ccd2939b4

SHA1
8d6f17c7d36f686e727b6e7b3a62812297228943

SHA256
494db162e2ccd95e69404a34170b6e59847f444881834f3c175c6bc70d783087

SHA512
fc1d1e81362d186410b4af3d6add3c8b32fdd75ea79b7e868cc16615358264af04f47170229d32dffcbf7e1ba2b841ccd2d4f27b0f8d82a0685806c22d3d0a92

Download Submit
C:\Windows\System32\perfh011.dat

Filesize
158KB

MD5
41f2dbe6f02b3bb9802d60f10b4ef7a2

SHA1
f1b03d28e5be3db3341f3a399d1cc887fe8da794

SHA256
eca01d5405d7e8af92ea60f888f891415ea2e1e6484caff15cbaf5a645700db2

SHA512
1c7b85e12050d670d48121e7670e1dab787e0a0b134e0ab314dc571c3969d0f9652ff76666bb433aac5886ca532404963a3041a1d4b4352e3051c838965fd3b1

Download Submit
C:\Windows\system32\perfc007.dat

Filesize
137KB

MD5
cacc87a7a4824d4fca6da760d909821d

SHA1
a1f2ccfa48a2d8877425f16e0723e3b3ce8f0f67

SHA256
1f431b499e240794a4f798579cdb642dcac1b271451291327404c98605e5ebf6

SHA512
7ac2c48b41a1b13af9c8a0097d913ff5c8fbe72456faf49d0dda213ffe6ed4d2373f16963d42c5d9d09cccbc8d70ede86eba03c815a4c9b2c6af8a5d739c76ee

Download Submit
C:\Windows\system32\perfc009.dat

Filesize
122KB

MD5
243bb32f23a8a2fa8113e879d73bfdf7

SHA1
2f9d0154d65d0b8979a1aeb95b6cf43384114f70

SHA256
69012c5b50e669fca5ad692dc405017da474a5a4ec876de70d9748a4f30c046c

SHA512
34f7663ef59412a12ce950eb5ab947b2fb6bb811d5cfd92d05b6a884bcb2fc31fdc880b8e152a383055ca0efee707eb23bbfe181ace8c1ca112262f2a75bf0a8

Download Submit
C:\Windows\system32\perfc00A.dat

Filesize
135KB

MD5
56783d18aaeec17fec20933c40260f69

SHA1
914cb2d953201e9b51cefd1b34d51f901be04c1e

SHA256
462b0367aa544192bf7ad7fcb5a98920a6c6a42fa84121fb5da5e2b050e1283e

SHA512
57f00be0d5008f451d35dbc5ba272dc122f1140430ba144c0673d50558d5ac7298c23225f31369c9300daf13088f6dd19075c03463eb8afcc08cd2463ffc9327

Download Submit
C:\Windows\system32\perfc00C.dat

Filesize
137KB

MD5
9c5082e51f9169b23796382010d5e69a

SHA1
46b0d3c2a8b3829bd61f3e313f3268a9bb0e1a40

SHA256
4abbd4c74fa008754210062d9b25a31c7b27ae04c698d493b7a55fd671ae1447

SHA512
957d58c45dc10e74ef78e68df4153a40c7cef08ace2ddc210dbdeaaac363957d4af0bbe3645f393d812b2ab8097b52bedcafebaa1aa5d015d8933aa34e33a615

Download Submit
C:\Windows\system32\perfc010.dat

Filesize
134KB

MD5
579c88201673ae4d679c6da369fc768c

SHA1
46c67eb656a170c0e2f9193dd3a5cdeb6f99aed9

SHA256
dd841a219b2524a5403be0ad43271ff711147182487269726b60212139516fc1

SHA512
fc4370bda6e57d9060209ef2b66fa0aff30081a8391ad7a6cd2d35d7271f5d377db08508e46beae8cb7c9b3541673204de903154d8c76340788120c210acaa95

Download Submit
C:\Windows\system32\perfc011.dat

Filesize
122KB

MD5
451fd3eea8608134ff91280fb0ff7e4b

SHA1
e81546c72260060eb757195f3702014533b527dd

SHA256
a8228c74b4dc81c755c56beaa5e91515d09c24e80f820713b3095816c4e552db

SHA512
7bf51087ea8b8a0d2ea7b2a0e3b1cff8e44e3549735b1ae757622ca7157c9391132f7d68711a91fbee7f681927759ca552cf885f5aeca4a6a005d8a27fd5f8fb

Download Submit
C:\Windows\system32\perfh007.dat

Filesize
640KB

MD5
2232ea1617f9b36e5c69fef564e6966a

SHA1
fcd09c840535c0df4e76aaa69613584f6186beea

SHA256
0d164de1ca0b320bb3307692ae49b58b61083461ddf98aa6a000046e0d03b138

SHA512
4ae9b2ad6c85c7864d878278f2c7c054220f6b2b15a74e1224f610f0437ce83db13af75f28b164e12650a274c191a4c430070394e4f292ee7f9e0fceca07f82e

Download Submit
C:\Windows\system32\perfh009.dat

Filesize
64KB

MD5
c4c3e0a0e5b1e870f1a6aa41e8dd1166

SHA1
0d8056ddfcc5b6ec8974e1eca4acfd4df12a226d

SHA256
1abaf96297b8da03826ed66459aadcad667514118fe405747c4152e3585826a2

SHA512
0ebac2ed2ee711c0c7e72d106a669b9bc7cdaaa2317a44ec863138638def15202177a26f95534dbcaa3396f1691a62b53ac9efb3bfad20654a8538dcd1ba771d

Download Submit
C:\Windows\system32\perfh00A.dat

Filesize
65KB

MD5
b1064e5dd327d01e0a75f8e7a9a0817e

SHA1
1e09768338bfc1200689b9aaa32d212c3104c350

SHA256
0ebba7109605e7f70a047cfb0f51ac119f35a212807c8d17be360523786c6816

SHA512
ac7fe8deda8577d4752874830376222f0714882d8ccab66a8d30238579b5dfcd353d6c820bae4756216e6c7296e33fb199f4a8e3958932cd9fb23c03b208f349

Download Submit
C:\Windows\system32\perfh00C.dat

Filesize
710KB

MD5
23270ed87d184d7992983cd5941360b0

SHA1
600a3e067a2490f1c204b5280cfc475be4f50959

SHA256
b090fba956652c7bd1e48b6ddb64b443236dc828de37b1ddf777e0feac276976

SHA512
0ab0511f853220779b2a2cac3d93db9d084d0c4cd1153e1820350e9fca0bf24a03abd108a2a52309786caa16793c301aadddcf398c7d05b3b1f05e1b39720eb3

Download Submit
C:\Windows\system32\perfh010.dat

Filesize
697KB

MD5
97566ede26c69e0c3f452c491bc725b3

SHA1
c20ea4cf93a33378b9389be36d3dc919e84238a6

SHA256
16d1f5b0334a0bd79023e598a94b80e7ec84e0b7583030c0ea6acc46a4d6f8cf

SHA512
097c12024bb746803b29499ec68af33f98ff8d6d3c039e704a2f8344fd5d9b4d4c6ed63dd46735cc147305cf00cd84db3b2870bb9dabad0d96e1208d17285bc0

Download Submit
C:\Windows\system32\perfh011.dat

Filesize
446KB

MD5
e5966c4fef65e8fc0f66895f4776f1ca

SHA1
2819d993e64bf032fc2a4e71d0c40f349f9639d6

SHA256
51ae507017508db59eb8cd168a2219467ed9f9e434c78216c552619ff37601e1

SHA512
3e08fb643b8a7040ff5985d666b07d852f995da282e7ee388dae5785bb0ca543f18c34815077f23e277eb44454703fc0ac369b4ceccc04f20c2be861a8b61034

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads