3c5e0085adfb6d60d77aa3b3f4a8cf2e3beb1139de69d1f921c6e1017da16a9f

Resubmissions

02-04-2024 18:02

240402-wmv86shb83 7

02-04-2024 17:49

240402-wd8g5sgh3s 7

Analysis

max time kernel
1559s
max time network
1513s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-04-2024 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JIGUtility_V2.0.8.0_20230112/ASUSR_ParsingRecord/ASUSR_ParsingRecord/run.bat
Size

445B
MD5

e9b66659059fb09bd910851557f01a4b
SHA1

91799b761661882dccf6e10bfb1b15078cd41467
SHA256

71d3617055ea34bfda2c87dfb2d0bb5f916597fbe7b2a5d6c39a2cddbf64a891
SHA512

f96393b70cc3987dcad41640cceabc4cac6f23b89d25f98cfa95dfdba427e1a5b5a3120fa3bc56c5c23a2a2ea88c338e8e581216bd839e8c3180818246bff66e

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 2 IoCs

evasion

Processes:

timeout.exetimeout.exe

pid	Process
2200	timeout.exe
4908	timeout.exe

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid	Process
664

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

ASUS_WNECT.exesvchost.exe

description	pid	Process
Token: SeSystemEnvironmentPrivilege	4948	ASUS_WNECT.exe
Token: SeManageVolumePrivilege	3712	svchost.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

cmd.exe

description	pid	Process	procid_target
PID 1416 wrote to memory of 4948	1416	cmd.exe	87
PID 1416 wrote to memory of 4948	1416	cmd.exe	87
PID 1416 wrote to memory of 2200	1416	cmd.exe	89
PID 1416 wrote to memory of 2200	1416	cmd.exe	89
PID 1416 wrote to memory of 3348	1416	cmd.exe	90
PID 1416 wrote to memory of 3348	1416	cmd.exe	90
PID 1416 wrote to memory of 3348	1416	cmd.exe	90
PID 1416 wrote to memory of 4908	1416	cmd.exe	96
PID 1416 wrote to memory of 4908	1416	cmd.exe	96

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\run.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\ASUS_WNECT.exe
  ASUS_WNECT.exe /eeprom d a0 -dump rom.bin
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4948
- C:\Windows\system32\timeout.exe
  timeout /t 3
  2⤵
  - Delays execution with timeout.exe
  PID:2200
- C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\ASUSR_ParsingRecord.exe
  ASUSR_ParsingRecord.exe
  2⤵
  PID:3348
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:4908

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4584

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\20240402_191401_eepromdebug.upload

Filesize
928B

MD5
db7f5c231b3d3be9ebe5343aebaa86a0

SHA1
40ce50d121a9899386bc3ca133f81db17c3296ee

SHA256
626507b33ac19c4611dc33e55c653cfcff4efae1942bed7d4fcf8e9e7996e45a

SHA512
657e50d058f3701a92702aec8f96e50f5da4d77245e1314e482f58de6924938af41fde420b947aa627ab483f62ef5a14b58f203fdb6670267c2af6288a78414a

Download Submit
C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\ASUSR_ParsingRecord.log

Filesize
10KB

MD5
ccce94172e3a9371515d0fb76d55673b

SHA1
c6c2a2476dfcb8c51871aa2801f01f6d3f11b8a0

SHA256
1c62fa4ae7b103927d1e41433019ba5cafa31a5b950979ec09d98a404d7781e8

SHA512
80ae97ab4fa9423b232a858cdb40752bea2a76095b28b8de90a2676fef369e9859f8871bbad27da19a3bd63c8b63f385f55e3f8b1321942b6e45b0dd304fe79f

Download Submit
C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\Log_NECT_1712085230_20240402_191350.txt

Filesize
662B

MD5
80b9dd82e8d1df3fa41da374286bbf9c

SHA1
5916f676db85bb7a60b8e65998516d577fccb4ff

SHA256
805067b56b0181c2dcd7f713cf651b1abdad5619d6223f182361ac41e3bae26e

SHA512
731ac77410647a703c88c5a7d8f2d5c9574f96e292afb4b6714dd91c572002bb55e371489d3b2d4481d7a34aac1c30944535d18131e447e64b06e545a7f5d54f

Download Submit
memory/3712-18-0x000002CE67F40000-0x000002CE67F50000-memory.dmp

Filesize
64KB

Download
memory/3712-34-0x000002CE68040000-0x000002CE68050000-memory.dmp

Filesize
64KB

Download
memory/3712-50-0x000002CE70370000-0x000002CE70371000-memory.dmp

Filesize
4KB

Download
memory/3712-52-0x000002CE703A0000-0x000002CE703A1000-memory.dmp

Filesize
4KB

Download
memory/3712-53-0x000002CE703A0000-0x000002CE703A1000-memory.dmp

Filesize
4KB

Download
memory/3712-54-0x000002CE704B0000-0x000002CE704B1000-memory.dmp

Filesize
4KB

Download