466bf6d31065714ac4cfbaff1cd6cdb34831047082a85767a887284f20153f4b

General

Target

12.bat
Size

968B
MD5

9aa2d6dc655ed5dc4d3fa02879a6e593
SHA1

40d2c08d452632eef96fd900b84589e07c896c3a
SHA256

466bf6d31065714ac4cfbaff1cd6cdb34831047082a85767a887284f20153f4b
SHA512

84bacb6352c1826133f4a8d727d331fcefb9cc30ecf3a910b66e183f68106b536127cce00c202b604840d5416e16526beb961627cb5c0fe55c675434208b72b3

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1204	powershell.exe
2616	powershell.exe
2868	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1204	powershell.exe
Token: SeDebugPrivilege	2616	powershell.exe
Token: SeDebugPrivilege	2868	powershell.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 1204	2240	cmd.exe	29
PID 2240 wrote to memory of 1204	2240	cmd.exe	29
PID 2240 wrote to memory of 1204	2240	cmd.exe	29
PID 2240 wrote to memory of 2596	2240	cmd.exe	30
PID 2240 wrote to memory of 2596	2240	cmd.exe	30
PID 2240 wrote to memory of 2596	2240	cmd.exe	30
PID 2596 wrote to memory of 2616	2596	cmd.exe	31
PID 2596 wrote to memory of 2616	2596	cmd.exe	31
PID 2596 wrote to memory of 2616	2596	cmd.exe	31
PID 2240 wrote to memory of 2868	2240	cmd.exe	32
PID 2240 wrote to memory of 2868	2240	cmd.exe	32
PID 2240 wrote to memory of 2868	2240	cmd.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\12.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command "Write-Host"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell -Command "Add-Type -TypeDefinition 'using System; using System.Windows.Forms; [System.Windows.Forms.Cursor]::Position = New-Object System.Drawing.Point((Get-Random -Minimum 0 -Maximum [System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Width), (Get-Random -Minimum 0 -Maximum [System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Height)); Write-Output ([System.Windows.Forms.Cursor]::Position.X) ([System.Windows.Forms.Cursor]::Position.Y)"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2596
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-Type -TypeDefinition 'using System; using System.Windows.Forms; [System.Windows.Forms.Cursor]::Position = New-Object System.Drawing.Point((Get-Random -Minimum 0 -Maximum [System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Width), (Get-Random -Minimum 0 -Maximum [System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Height)); Write-Output ([System.Windows.Forms.Cursor]::Position.X) ([System.Windows.Forms.Cursor]::Position.Y)"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2616
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command "[System.Windows.Forms.Cursor]::Position = New-Object System.Drawing.Point($randomX, $randomY)"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\68QCCL1JHNOB4GRHS3C6.temp

Filesize
7KB

MD5
2afd5480f03ec5b6a800dc7393326de5

SHA1
315aa5f591877f88141ea2aa813a5551a70d22fc

SHA256
e0364bf8f4ced4936f1f3a0e682211a233a2edb75f306f3be7d78cb94394cfe9

SHA512
fff614e952cc5006703c76dfd3728c29f12bcb52fe46b68a67f5ae5c76578de2f2b05d17bb3584ea045bd5253f55a5e7a5da2f06837fa79418bd0645403f0df1

Download Submit
memory/1204-5-0x000007FEF52A0000-0x000007FEF5C3D000-memory.dmp

Filesize
9.6MB

Download
memory/1204-4-0x000000001B670000-0x000000001B952000-memory.dmp

Filesize
2.9MB

Download
memory/1204-7-0x0000000002810000-0x0000000002818000-memory.dmp

Filesize
32KB

Download
memory/1204-6-0x0000000002BB0000-0x0000000002C30000-memory.dmp

Filesize
512KB

Download
memory/1204-10-0x0000000002BB0000-0x0000000002C30000-memory.dmp

Filesize
512KB

Download
memory/1204-9-0x0000000002BB0000-0x0000000002C30000-memory.dmp

Filesize
512KB

Download
memory/1204-8-0x000007FEF52A0000-0x000007FEF5C3D000-memory.dmp

Filesize
9.6MB

Download
memory/1204-11-0x0000000002BB0000-0x0000000002C30000-memory.dmp

Filesize
512KB

Download
memory/1204-12-0x000007FEF52A0000-0x000007FEF5C3D000-memory.dmp

Filesize
9.6MB

Download
memory/2616-21-0x0000000002860000-0x0000000002868000-memory.dmp

Filesize
32KB

Download
memory/2616-26-0x000007FEF4900000-0x000007FEF529D000-memory.dmp

Filesize
9.6MB

Download
memory/2616-18-0x000000001B520000-0x000000001B802000-memory.dmp

Filesize
2.9MB

Download
memory/2616-20-0x0000000002A40000-0x0000000002AC0000-memory.dmp

Filesize
512KB

Download
memory/2616-22-0x000007FEF4900000-0x000007FEF529D000-memory.dmp

Filesize
9.6MB

Download
memory/2616-24-0x0000000002A40000-0x0000000002AC0000-memory.dmp

Filesize
512KB

Download
memory/2616-23-0x0000000002A40000-0x0000000002AC0000-memory.dmp

Filesize
512KB

Download
memory/2616-25-0x0000000002A40000-0x0000000002AC0000-memory.dmp

Filesize
512KB

Download
memory/2616-27-0x0000000002A40000-0x0000000002AC0000-memory.dmp

Filesize
512KB

Download
memory/2616-19-0x000007FEF4900000-0x000007FEF529D000-memory.dmp

Filesize
9.6MB

Download
memory/2868-33-0x000007FEF52A0000-0x000007FEF5C3D000-memory.dmp

Filesize
9.6MB

Download
memory/2868-34-0x0000000002B80000-0x0000000002C00000-memory.dmp

Filesize
512KB

Download
memory/2868-38-0x0000000002B80000-0x0000000002C00000-memory.dmp

Filesize
512KB

Download
memory/2868-37-0x0000000002B80000-0x0000000002C00000-memory.dmp

Filesize
512KB

Download
memory/2868-36-0x0000000002B80000-0x0000000002C00000-memory.dmp

Filesize
512KB

Download
memory/2868-35-0x000007FEF52A0000-0x000007FEF5C3D000-memory.dmp

Filesize
9.6MB

Download
memory/2868-39-0x000007FEF52A0000-0x000007FEF5C3D000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads