Analysis

  • max time kernel
    37s
  • max time network
    39s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240226-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    02-03-2024 23:24

Errors

Reason
Machine shutdown: a child of the sample's cmd.exe ran "shutdown -r -t 00" (restart, zero-second grace period), so the guest rebooted at about 37s of kernel time and the run ended early. Read the low score below with that in mind; behaviour after the reboot, and anything callfunc.vbs would have done, was not observed.

General

  • Target

    MicrosoftWindowsServicesEtc/checker.bat

  • Size

    151B

  • MD5

    f59801d5c49713770bdb2f14eff34e2f

  • SHA1

    91090652460c3a197cfad74d2d3c16947d023d63

  • SHA256

    3382484b5a6a04d05500e7622da37c1ffaef3a1343395942bc7802bf2a19b53f

  • SHA512

    c1c3a78f86e7938afbe391f0e03065b04375207704e419fe77bf0810d1e740c3ef8926c878884ad81b429ec41e126813a68844f600e124f5fa8d28ef17b4b7bc

Score
1/10

Malware Config

Signatures

  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

  Only two of these come from the sample's own process tree: WriteProcessMemory on cmd.exe (PID 392) and AdjustPrivilegeToken on shutdown.exe (PID 3512), the latter being shutdown.exe enabling SeShutdownPrivilege before rebooting. The HKEY_USERS writes and SetWindowsHookEx hit are from LogonUI.exe (PID 4232), the Windows logon screen that comes up after the reboot, and are not behaviour of checker.bat.

Processes

  • C:\Windows\system32\cmd.exe (PID 392, depth 1)
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\MicrosoftWindowsServicesEtc\checker.bat"
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\wscript.exe (PID 4268, depth 2, child of PID 392)
      wscript.exe callfunc.vbs
    • C:\Windows\system32\shutdown.exe (PID 3512, depth 2, child of PID 392)
      shutdown -r -t 00
      • Suspicious use of AdjustPrivilegeToken
  • C:\Windows\system32\LogonUI.exe (PID 4232, depth 1)
    "LogonUI.exe" /flags:0x4 /state0:0xa39fa855 /state1:0x41c64e6d
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
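The process list above is the whole story of this run: a batch file runs a VBScript and then forces an immediate reboot. The script below, an added example written for this page and not Triage code, rebuilds that tree from process-creation events and flags the "batch script whose direct child is shutdown.exe -r with a zero grace period" pattern, which is what an analyst would want to catch in endpoint telemetry (it also kills sandbox runs, as it did here). The EVENTS records are constructed from the Processes section; their field layout (pid, ppid, image, cmdline) and the parent PIDs are assumptions, since the report shows only tree depth (cmd.exe and LogonUI.exe are given ppid 0).

```python
"""Rebuild a process tree from process-creation events and flag a
script-launched forced reboot (checker.bat -> shutdown -r -t 00).

Added example, not Triage code. EVENTS is constructed from the report's
Processes section; the record layout and parent PIDs are assumptions.
"""
import shlex
from collections import defaultdict

# Constructed from the report. ppid 0 marks processes whose parent is not
# shown in the report; wscript.exe and shutdown.exe are children of cmd.exe.
EVENTS = [
    {"pid": 392, "ppid": 0, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'C:\Windows\system32\cmd.exe /c '
                r'"C:\Users\Admin\AppData\Local\Temp\MicrosoftWindowsServicesEtc\checker.bat"'},
    {"pid": 4268, "ppid": 392, "image": r"C:\Windows\system32\wscript.exe",
     "cmdline": "wscript.exe callfunc.vbs"},
    {"pid": 3512, "ppid": 392, "image": r"C:\Windows\system32\shutdown.exe",
     "cmdline": "shutdown -r -t 00"},
    {"pid": 4232, "ppid": 0, "image": r"C:\Windows\system32\LogonUI.exe",
     "cmdline": '"LogonUI.exe" /flags:0x4 /state0:0xa39fa855 /state1:0x41c64e6d'},
]


def tokens(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes.
    posix=False keeps backslashes literal; surrounding quotes are stripped."""
    return [t.strip('"') for t in shlex.split(cmdline, posix=False)]


def image_name(path):
    return path.rsplit("\\", 1)[-1].lower()


def script_path(event):
    """Path of the .bat/.cmd file a cmd.exe instance was told to run, or None."""
    if image_name(event["image"]) != "cmd.exe":
        return None
    for t in tokens(event["cmdline"])[1:]:
        if t.lower().endswith((".bat", ".cmd")):
            return t
    return None


def parse_shutdown(cmdline):
    """Return (restart, timeout_seconds) for a shutdown.exe command line.
    Accepts -x and /x switch styles. shutdown.exe's documented default grace
    period when -t is absent is 30 seconds."""
    toks = [t.lower() for t in tokens(cmdline)]
    restart = any(t in ("-r", "/r") for t in toks)
    timeout = 30
    for i, t in enumerate(toks):
        if t in ("-t", "/t") and i + 1 < len(toks) and toks[i + 1].isdigit():
            timeout = int(toks[i + 1])
    return restart, timeout


def build_tree(events):
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e["pid"])
    return by_pid, children


def find_script_reboots(events, max_timeout=0):
    """Flag cmd.exe instances running a batch script with a direct child
    shutdown.exe that restarts with a grace period <= max_timeout seconds.
    Each finding lists the sibling images: what else the script ran first."""
    by_pid, children = build_tree(events)
    findings = []
    for pid, e in by_pid.items():
        script = script_path(e)
        if script is None:
            continue
        kids = [by_pid[c] for c in children[pid]]
        for k in kids:
            if image_name(k["image"]) != "shutdown.exe":
                continue
            restart, timeout = parse_shutdown(k["cmdline"])
            if restart and timeout <= max_timeout:
                findings.append({
                    "script": script, "cmd_pid": pid, "shutdown_pid": k["pid"],
                    "timeout": timeout,
                    "siblings": sorted(image_name(s["image"])
                                       for s in kids if s["pid"] != k["pid"]),
                })
    return findings


def render_tree(events):
    """Indented listing, one line per process; roots are pids whose parent
    is not in the event set (handles truncated captures)."""
    by_pid, children = build_tree(events)
    lines = []

    def walk(parent, depth):
        for pid in children.get(parent, []):
            e = by_pid[pid]
            lines.append("  " * depth + f"{image_name(e['image'])} (PID {pid}): {e['cmdline']}")
            walk(pid, depth + 1)

    for pid, e in by_pid.items():
        if e["ppid"] not in by_pid:
            lines.append("  " * 0 + f"{image_name(e['image'])} (PID {pid}): {e['cmdline']}")
            walk(pid, 1)
    return lines


if __name__ == "__main__":
    print("\n".join(render_tree(EVENTS)))
    for f in find_script_reboots(EVENTS):
        print(f"{f['script']} (cmd.exe PID {f['cmd_pid']}) forced a reboot via "
              f"shutdown.exe PID {f['shutdown_pid']}, t={f['timeout']}; ran first: {f['siblings']}")
```

The detection keys on the parent/child relationship rather than on shutdown.exe alone, because legitimate administration also calls shutdown -r; a batch file that reboots with no grace period right after launching another interpreter is the narrower signal, and recording the siblings tells the analyst what to pull next (here callfunc.vbs, which the submission did not include).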

Network

MITRE ATT&CK Matrix