3c5e0085adfb6d60d77aa3b3f4a8cf2e3beb1139de69d1f921c6e1017da16a9f

Resubmissions

02-04-2024 18:02

02-04-2024 17:49

max time kernel
122s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-04-2024 17:49

Target

JIGUtility_V2.0.8.0_20230112/ASUSR_ParsingRecord/ASUSR_ParsingRecord/run.bat
Size

445B
MD5

e9b66659059fb09bd910851557f01a4b
SHA1

91799b761661882dccf6e10bfb1b15078cd41467
SHA256

71d3617055ea34bfda2c87dfb2d0bb5f916597fbe7b2a5d6c39a2cddbf64a891
SHA512

f96393b70cc3987dcad41640cceabc4cac6f23b89d25f98cfa95dfdba427e1a5b5a3120fa3bc56c5c23a2a2ea88c338e8e581216bd839e8c3180818246bff66e

Score

1^/10

Delays execution with timeout.exe 2 IoCs

evasion

pid	Process
1828	timeout.exe
3348	timeout.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
676	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSystemEnvironmentPrivilege	4664	ASUS_WNECT.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 4664	4920	cmd.exe	94
PID 4920 wrote to memory of 4664	4920	cmd.exe	94
PID 4920 wrote to memory of 1828	4920	cmd.exe	95
PID 4920 wrote to memory of 1828	4920	cmd.exe	95
PID 4920 wrote to memory of 4592	4920	cmd.exe	98
PID 4920 wrote to memory of 4592	4920	cmd.exe	98
PID 4920 wrote to memory of 4592	4920	cmd.exe	98
PID 4920 wrote to memory of 3348	4920	cmd.exe	101
PID 4920 wrote to memory of 3348	4920	cmd.exe	101

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\run.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\ASUS_WNECT.exe
  ASUS_WNECT.exe /eeprom d a0 -dump rom.bin
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4664
- C:\Windows\system32\timeout.exe
  timeout /t 3
  2⤵
  - Delays execution with timeout.exe
  PID:1828
- C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\ASUSR_ParsingRecord.exe
  ASUSR_ParsingRecord.exe
  2⤵
  PID:4592
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:3348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4172 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:8
1⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\20240402_175734_eepromdebug.upload

Filesize
928B

MD5
db7f5c231b3d3be9ebe5343aebaa86a0

SHA1
40ce50d121a9899386bc3ca133f81db17c3296ee

SHA256
626507b33ac19c4611dc33e55c653cfcff4efae1942bed7d4fcf8e9e7996e45a

SHA512
657e50d058f3701a92702aec8f96e50f5da4d77245e1314e482f58de6924938af41fde420b947aa627ab483f62ef5a14b58f203fdb6670267c2af6288a78414a

Download Submit
C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\ASUSR_ParsingRecord.log

Filesize
10KB

MD5
5a9eb8bfb31605cb399ea28fa1b5decb

SHA1
8032ff7a918558c2d5a230d33c67b300b11d1ab8

SHA256
a57d1a89a045d61b0268b12e0ecaa9518965c4671fd09336a842aee6bfbc5fcf

SHA512
7a124544f31be2a09da0050e6b9756ff93769f4eca85d50a096d855ccf8167c91e4a997884692c719b034d7784b31f9a38b0dfe98520de03d70c44562b1ca747

Download Submit
C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\Log_NECT_1712080650_20240402_175730.txt

Filesize
662B

MD5
6655c14dd6c6224acbf2f46dfdce2d53

SHA1
2914c9e08a042e9997b7fdef975e7961c870287b

SHA256
2a58711f09d3ab47680d4bf8f2b90a006bbaa37fe5b260acbdfe570aebc71d4c

SHA512
81c5a62160013c1ce87f48207de4df1481242016e031d7ceba9a87aa4d01f9c895bc66ef9a503bce3c14844207aa6b16f6559d82cf45563b8c9a2f131980854a

Download Submit