734c29994e7cd8ebd8e0da8b101b7254b0bc92d51191699d3a2b8e86d43c13d6

Analysis

max time kernel
141s
max time network
140s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 12:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6dec07be8552f9aae9e0fb5f41207575.exe
Size

561KB
MD5

6dec07be8552f9aae9e0fb5f41207575
SHA1

cd7f468c790beb89766033949acbdecd82917e27
SHA256

734c29994e7cd8ebd8e0da8b101b7254b0bc92d51191699d3a2b8e86d43c13d6
SHA512

4d531488905b2846dc2c52629b29bf39f2deaced41b51a7071a213284ab89bb10d15fb2fb50c378bca17975f98b77c4ef357b57791bddc1bd73701100230f6b6
SSDEEP

6144:N8JsLcpjzTDDmHayakLkrb4NSarQWvrXiXAichXHcQRZYXl3HOFkFXOR8:6zxzTDWikLSb4NS7uPXsQRZ2leqFXOu

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 48 IoCs

evasion

pid	Process
3100	timeout.exe
2572	timeout.exe
2468	timeout.exe
576	timeout.exe
2112	timeout.exe
2100	timeout.exe
1732	timeout.exe
1748	timeout.exe
3168	timeout.exe
3196	timeout.exe
3924	timeout.exe
3316	timeout.exe
2260	timeout.exe
3372	timeout.exe
1040	timeout.exe
3308	timeout.exe
3928	timeout.exe
4048	timeout.exe
3944	timeout.exe
2700	timeout.exe
1764	timeout.exe
1536	timeout.exe
3644	timeout.exe
3820	timeout.exe
2704	timeout.exe
3352	timeout.exe
960	timeout.exe
1732	timeout.exe
692	timeout.exe
928	timeout.exe
3460	timeout.exe
4036	timeout.exe
3600	timeout.exe
3620	timeout.exe
2972	timeout.exe
1504	timeout.exe
572	timeout.exe
1232	timeout.exe
1960	timeout.exe
2152	timeout.exe
3124	timeout.exe
3764	timeout.exe
2600	timeout.exe
568	timeout.exe
1872	timeout.exe
3048	timeout.exe
3924	timeout.exe
3272	timeout.exe

C:\Users\Admin\AppData\Local\Temp\6dec07be8552f9aae9e0fb5f41207575.exe
"C:\Users\Admin\AppData\Local\Temp\6dec07be8552f9aae9e0fb5f41207575.exe"
1⤵
PID:2784
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat" "
  2⤵
  PID:3056
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=N0ixzrZe--0
    3⤵
    PID:2512
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
      4⤵
      PID:1828
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275461 /prefetch:2
      4⤵
      PID:2068
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:406536 /prefetch:2
      4⤵
      PID:1084
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:537614 /prefetch:2
      4⤵
      PID:2596
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:472104 /prefetch:2
      4⤵
      PID:2188
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:799778 /prefetch:2
      4⤵
      PID:472
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:799784 /prefetch:2
      4⤵
      PID:1652
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:1258516 /prefetch:2
      4⤵
      PID:1732
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:6763526 /prefetch:2
      4⤵
      PID:3660
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:1127459 /prefetch:2
      4⤵
      PID:3700
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:12661761 /prefetch:2
      4⤵
      PID:3688
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:11613190 /prefetch:2
      4⤵
      PID:3680
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat"
    3⤵
    PID:2776
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
      4⤵
      PID:768
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        5⤵
        
        PID:752
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        6⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        7⤵
        
        PID:324
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        8⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        9⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        10⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        11⤵
        Delays execution with timeout.exe
        
        PID:1232
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        11⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        11⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        12⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        12⤵
        Delays execution with timeout.exe
        
        PID:576
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        12⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        13⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        13⤵
        Delays execution with timeout.exe
        
        PID:2260
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        13⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        14⤵
        
        PID:880
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        14⤵
        Delays execution with timeout.exe
        
        PID:2112
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        14⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        15⤵
        Delays execution with timeout.exe
        
        PID:2100
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        15⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        15⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        16⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        16⤵
        Delays execution with timeout.exe
        
        PID:1732
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        16⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        17⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        17⤵
        Delays execution with timeout.exe
        
        PID:1872
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        17⤵
        
        PID:952
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        18⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        18⤵
        Delays execution with timeout.exe
        
        PID:1960
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        18⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        19⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        19⤵
        Delays execution with timeout.exe
        
        PID:1764
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        19⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        20⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        20⤵
        Delays execution with timeout.exe
        
        PID:1732
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        20⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        21⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        21⤵
        Delays execution with timeout.exe
        
        PID:692
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        21⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        22⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        22⤵
        Delays execution with timeout.exe
        
        PID:1748
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        22⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        23⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        23⤵
        Delays execution with timeout.exe
        
        PID:928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        23⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        24⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        24⤵
        Delays execution with timeout.exe
        
        PID:2152
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        24⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        25⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        25⤵
        Delays execution with timeout.exe
        
        PID:1536
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        25⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        26⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        26⤵
        Delays execution with timeout.exe
        
        PID:3048
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        26⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        27⤵
        Delays execution with timeout.exe
        
        PID:3100
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        27⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        27⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        28⤵
        Delays execution with timeout.exe
        
        PID:3308
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        28⤵
        
        PID:3300
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        28⤵
        
        PID:3380
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        29⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        29⤵
        Delays execution with timeout.exe
        
        PID:3460
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        29⤵
        
        PID:3556
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        30⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        30⤵
        Delays execution with timeout.exe
        
        PID:3644
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        30⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        31⤵
        Delays execution with timeout.exe
        
        PID:3820
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        31⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        31⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        32⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        32⤵
        Delays execution with timeout.exe
        
        PID:3928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        32⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        33⤵
        Delays execution with timeout.exe
        
        PID:4036
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        33⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        34⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        34⤵
        Delays execution with timeout.exe
        
        PID:3124
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        34⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        35⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        35⤵
        Delays execution with timeout.exe
        
        PID:3168
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        35⤵
        
        PID:3208
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        36⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        36⤵
        Delays execution with timeout.exe
        
        PID:3372
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        36⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        37⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        37⤵
        Delays execution with timeout.exe
        
        PID:3600
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        37⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        38⤵
        Delays execution with timeout.exe
        
        PID:3924
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        38⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        38⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        39⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        39⤵
        Delays execution with timeout.exe
        
        PID:2704
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        39⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        40⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        40⤵
        Delays execution with timeout.exe
        
        PID:3196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        40⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        41⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        41⤵
        Delays execution with timeout.exe
        
        PID:3352
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        41⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        42⤵
        Delays execution with timeout.exe
        
        PID:3620
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        42⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        43⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        43⤵
        Delays execution with timeout.exe
        
        PID:4048
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        43⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        44⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        44⤵
        Delays execution with timeout.exe
        
        PID:3272
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        44⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        45⤵
        Delays execution with timeout.exe
        
        PID:1040
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        45⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        45⤵
        
        PID:3124
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        46⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        46⤵
        Delays execution with timeout.exe
        
        PID:3944
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        46⤵
        
        PID:1472
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        47⤵
        Delays execution with timeout.exe
        
        PID:3924
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        47⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        47⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        48⤵
        Delays execution with timeout.exe
        
        PID:3316
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        48⤵
        
        PID:344
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        48⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        49⤵
        Delays execution with timeout.exe
        
        PID:3764
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        49⤵
        
        PID:4012
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat
        49⤵
        
        PID:3112
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        50⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout -t 1
        50⤵
        Delays execution with timeout.exe
        
        PID:960
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        42⤵
        
        PID:3588
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=N0ixzrZe--0
        42⤵
        
        PID:1020
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=N0ixzrZe--0
        36⤵
        
        PID:1660
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=N0ixzrZe--0
        35⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\mode.com
        
        mode 1000,1000
        33⤵
        
        PID:4028

C:\Windows\SysWOW64\timeout.exe
timeout -t 1
1⤵
- Delays execution with timeout.exe
PID:2600

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
PID:2824

C:\Windows\SysWOW64\mode.com
mode 1000,1000
1⤵
PID:2160

C:\Windows\SysWOW64\timeout.exe
timeout -t 1
1⤵
- Delays execution with timeout.exe
PID:2572

C:\Windows\SysWOW64\mode.com
mode 1000,1000
1⤵
PID:2704

C:\Windows\SysWOW64\timeout.exe
timeout -t 1
1⤵
- Delays execution with timeout.exe
PID:2972

C:\Windows\SysWOW64\mode.com
mode 1000,1000
1⤵
PID:2796

C:\Windows\SysWOW64\timeout.exe
timeout -t 1
1⤵
- Delays execution with timeout.exe
PID:568

C:\Windows\SysWOW64\mode.com
mode 1000,1000
1⤵
PID:636

C:\Windows\SysWOW64\timeout.exe
timeout -t 1
1⤵
- Delays execution with timeout.exe
PID:2468

C:\Windows\SysWOW64\mode.com
mode 1000,1000
1⤵
PID:3000

C:\Windows\SysWOW64\timeout.exe
timeout -t 1
1⤵
- Delays execution with timeout.exe
PID:1504

C:\Windows\SysWOW64\mode.com
mode 1000,1000
1⤵
PID:636

C:\Windows\SysWOW64\timeout.exe
timeout -t 1
1⤵
- Delays execution with timeout.exe
PID:572

C:\Windows\SysWOW64\mode.com
mode 1000,1000
1⤵
PID:472

C:\Windows\SysWOW64\mode.com
mode 1000,1000
1⤵
PID:1836

C:\Windows\SysWOW64\timeout.exe
timeout -t 1
1⤵
- Delays execution with timeout.exe
PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
11fbc0cf0dbde21bee55efddc66c05cd

SHA1
2e755e6d78ea6bc2ca073573c7615b2e98ef1418

SHA256
2c485e74ca9c3d79d4ee43b33b8721188dee1347064c39b015a8e2801c8836ec

SHA512
632f0b32e8f438cd934a65acda4b3564e0e914489086bf732705215295700033815ba2ab35e5a8e2a52581fe4be2ed541b8b8757e2fff4a599969bf2aded7f16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
697e11cb343f372f0d37ec2f65f16b75

SHA1
2b4fd091265382d7ec0fda10ce410a6a4ab5cb6b

SHA256
fff05aa4be38a02a84cebb6b4bcfcc4de36e96976c8b387cb6ff6651d12ceae8

SHA512
52df19aa8412da60f2983c9ccf63605c365dbf8b2b8b5c0d1703aec7617ba7c1545d09cd35a6b7f587b4f40d2ff6d833b238bbcad8a46a9a2f2bf36f1feac26b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a25e6e0dffde42824310f602007f7d76

SHA1
8fc1c5e5ebac143c4c24f0fd8bb30fae8aff2060

SHA256
bb8250cbc5cf5b4717796874802adab06f40becbea0a037e71fed2f07b53b7c0

SHA512
dea21a3467fddeb2cfea5d89ede6881fa7482da851d962e6d97094978e42c6842e1f59cb4b049a2cf193ba85382068ca372f8048e4aeb0e4fc3e94fefc03f367

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e9fde88ac2c17efcc45935bd7c3861b

SHA1
791a4dc37e4eb348855be61f461fe79ba701e81a

SHA256
47558800c97d2ff7d2032294f1bff793a15c777050ecfd9697dc184f056554c1

SHA512
7be8b8c884dc4d79703e9d6b1b26071b21efcfb8d45e0e878507c5d24a9708e2a33ad0d16d23dfaa79c1acc7069689a9908e64579bba417329ca0bdae662ad94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
eb2bbd7c411e695b3c43814dde2cca23

SHA1
dc4f51af1e10cbd6908626524b82ad27b0f49545

SHA256
9dd52ac28e241ec2dba3f7caf87ff4cf17ba2d2675641eafd3dfb30dd7ad309e

SHA512
bdaeeef926ac2990238c5d83901a30a2c9027b7e956f37b2a1cbf506fbfbcc775e918a50b277879e0fa9f8bd8eb5e5b8afce8dd113a11327e6505d6da0e74b05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_9FBD3BA6168F3C4317F2AAB1E548FE96

Filesize
406B

MD5
6c02c951abaf1e8281d0bd75d4ec088c

SHA1
72c620d797cb1b6d9d29bbd4ebe3a6347f91bc04

SHA256
64a760c1d812beb5f569730dd516585df925f24b18929e3fcf03cd229836a313

SHA512
e05fb1706f71989085e17b8e8d4a9ee43fde3b2f23c586bbc11856ca8513ff2357d4d698482c6aed0b3f8e0e2a1f9f19644136d1dd0e4105135cf608a7755842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N88GNZKF\KFOlCnqEu92Fr1MmEU9fBBc-[2].woff

Filesize
20KB

MD5
40bcb2b8cc5ed94c4c21d06128e0e532

SHA1
02edc7784ea80afc258224f3cb8c86dd233aaf19

SHA256
9ce7f3ac47b91743893a2d29fe511a7ebec7aef52b2ea985fa127448d1f227c1

SHA512
9ad3ff9ed6a75f1a4c42ab2135f1f4a51a4d368d96e760e920d56d808a12b2adb4b524e0c135d3c1b3027ffecb2753293b9fdca6b81aa2c9bd6326743c669468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N88GNZKF\KFOmCnqEu92Fr1Mu4mxM[1].woff

Filesize
19KB

MD5
d3907d0ccd03b1134c24d3bcaf05b698

SHA1
d9cfe6b477b49d47b6241b4281f4858d98eaca65

SHA256
f2abf7fbabe298e5823d257e48f5dc2138c6d5e0c210066f76b0067e8eda194f

SHA512
4c5df954bd79ed77ee12a49f0f3194e7dbf2720212b0989dad1bc12e2e3701c3ef045b10d4cd53dc5534f00e83a6a6891297c681a5cb3b33a42640ae4e01bbfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\MATRIX2.bat

Filesize
4KB

MD5
e409da8b4024ea18de199ff4879cb810

SHA1
46460324a530e048615ba8e3d03b71097e5c809b

SHA256
b21f44d81a0611b070c986caa679a92f2bb869e7ca419f3dbd180f44cc2b1635

SHA512
06ece6cb93e55260e0ebfa8f2ed654691fe21dbb37518aa55a0ff18359279d0439a4773ee38ac96a142f917e9c41ff3e717db7ada3be6f2781f9cb0efbe401a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar12BB.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\new.jpg

Filesize
23KB

MD5
6bea69ba67b5d8df9f8da91e1a0c2d61

SHA1
898c0296592100bf4295521dc2aec70d566fa2da

SHA256
de65e11e16cec003a7e015ca14ddf6b29ad2cb5b321eee233673336f4d543040

SHA512
a34da2b0457603e3ad7dd8092708eaba57be51ed2f59b68a3182e3d410734c002b428599ec8fa34878fee0f199df364f76634d3d6bf3de301435a853370105d3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4QHODKPM.txt

Filesize
363B

MD5
c55f95ba1e7adc357b956e7c1fd9e577

SHA1
8bda3accdd0caa78c3dc0ad69c573f0fe01b68d1

SHA256
705aaa9a2fafb3b2f5ce51e9d3eb1749daca5fb6978fac9285d086a983ae6947

SHA512
55b3e7b2ee6c83d328f82a18415af24ccb126d70cf7c90ba6748e429a957d90fae5a3cccc7c09b75e51e8cfcdcb4ff527f69981f182a0263ae66dbd5c41384c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\A9YMUS7C.txt

Filesize
363B

MD5
d7bbabcd818e0f448a4a1ecd0aa2ff4b

SHA1
59c8185306f3284b9dca7c4fc8132fce1f1b318f

SHA256
582598624bc5aaa3ea7d92a6e727a789aa2d43568e5ef2271062d45c86dba812

SHA512
fbe61fd14ae06cb4bb1f49f3afdde86ef9549b077501758d55d2b826b80ba5e6645ce9e7ce04f1cf1bec1669b32a7418833adb9035d2c59c65748e83887c7900

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\M6WMXKMA.txt

Filesize
363B

MD5
bd281e8c29307f2e60ba7041fd736a76

SHA1
501eea789332a48db71669ba1a921cc46b03e347

SHA256
352f6bbfb5449d92fe3defef27e3b42357562f6e779c6394a54a1a1866177f25

SHA512
a4bb2745c489f4349441ad77aa3a6ca95ab4da3b2ec04035aa2b3036206527e4d7df2b0426dcc8bafc94c4f05d99462bbd3684a9258c5c82484e72e59041767d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\N9LMEXSX.txt

Filesize
363B

MD5
2d21083b85e99bca1f0c52cd9d3dbfef

SHA1
a7f25b7a4a0fd04c595d8cfbf2efe72cad411431

SHA256
8892c0a7f62efd40e37764ebe643712c308883950f3a4bf4e960690931bef7ee

SHA512
ed4d82027fcf21b5fd3ee2d1b77cbdc421e21c87729e3ee7a985cc43bd8904e4b82dcf827ba5b5574469730ae8dfcb843279c972c544f7fd0b9169c3df426417

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\RBYJPLKG.txt

Filesize
363B

MD5
650faa3aca1f046ab7dc575c7eb05bc3

SHA1
56aa0eee0a60ac06cc5153733fee95f07dc95959

SHA256
5f4cab1a06db33c2ec999175feea19db811f2c31df284e772370d2a47689dc5d

SHA512
98bcece84465c374338a6eeae79bf63645447d317e9b7b2c43901b06a958fe7657ee3b4caf9a30179aa8aa884cd668957d1e7118bd9408b88ce5560fdbf5fdcd

Download Submit
memory/2784-18-0x0000000002320000-0x0000000002322000-memory.dmp

Filesize
8KB

Download
memory/2824-19-0x00000000001E0000-0x00000000001E2000-memory.dmp

Filesize
8KB

Download
memory/2824-20-0x0000000000510000-0x0000000000511000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads