6e3a5fa4cceeb7c5822b28a0cb9a1ae7f2e7f0256bc965dec698a07e34641187 | Triage

Resubmissions

23-02-2024 15:47

240223-s8j69ade9z 1

23-02-2024 15:45

240223-s7j5vsce93 1

Analysis

max time kernel
0s
max time network
5s
platform
windows7_x64
resource
win7-20240221-de
resource tags

arch:x64arch:x86image:win7-20240221-delocale:de-deos:windows7-x64systemwindows
submitted
23-02-2024 15:45

Sharing

Report Analysis Logs

General

Target

BSOD.bat
Size

45B
MD5

d59eee2a1aa447aaecf021329c6154a2
SHA1

b83c9c3088da46bd2f437c897eb6675224262f6e
SHA256

6e3a5fa4cceeb7c5822b28a0cb9a1ae7f2e7f0256bc965dec698a07e34641187
SHA512

c3a4992ce37df34f48b0f631347592ca6b76c2c65c783bae47565d67c72b804598387c69eab507f4a4838d17663e5d48e4cad09b111985290cd138c12dfd373e

Score

1^/10

Malware Config

Signatures

Kills process with taskkill 1 IoCs

pid	Process
2176	taskkill.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2176	taskkill.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2176	2116	cmd.exe	29
PID 2116 wrote to memory of 2176	2116	cmd.exe	29
PID 2116 wrote to memory of 2176	2116	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\BSOD.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\system32\taskkill.exe
  taskkill /f /im wininit.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads