1f332c357f6db42ee8293edd4b72606d46b380b77efb14628c0e9acb6bf0049d

Analysis

max time kernel
88s
max time network
92s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
20-02-2024 13:29

Target

CyberSniff/filedwnldfrweb_CLIENTID_337399_pmCDl.bat
Size

30B
MD5

dbe3809bb0ddbab2b478cf7caff53727
SHA1

6329047e246fac9dfa4c062e332d8832b57e3433
SHA256

f69ad8b1968add8b07608056dda3518e14450a0d3805af2ba3ecaac0b762618a
SHA512

b06a4bceefd1cfddb6ab37c0209044c78e529add18f6eb38786c06feeb200127324e50d6171fe666ee774e96ecd3746816c60ad03984d045403a3c6a94ed176d

Score

1^/10

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

3424 taskkill.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

taskkill.exe

description pid process

Token: SeDebugPrivilege 3424 taskkill.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

cmd.exe

description pid process target process

PID 4844 wrote to memory of 3424 4844 cmd.exe taskkill.exe
PID 4844 wrote to memory of 3424 4844 cmd.exe taskkill.exe

pid	process
3424	taskkill.exe

description	pid	process
Token: SeDebugPrivilege	3424	taskkill.exe

description	pid	process	target process
PID 4844 wrote to memory of 3424	4844	cmd.exe	taskkill.exe
PID 4844 wrote to memory of 3424	4844	cmd.exe	taskkill.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\CyberSniff\filedwnldfrweb_CLIENTID_337399_pmCDl.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4844