d2e21f875187666536aedd0ed3cab185b35e5c3161b42cf666d96a72ffc40550 | Triage

Analysis

max time kernel
12s
max time network
35s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
24/04/2024, 08:21

Sharing

Report Analysis Logs

General

Target

bsod.bat
Size

28B
MD5

f78c7b6d0cdab48ae20c2af64fd90bce
SHA1

e78d9e2a19424b37bbc2f9128aee0b06b122bb4a
SHA256

d2e21f875187666536aedd0ed3cab185b35e5c3161b42cf666d96a72ffc40550
SHA512

246cfb2cd890d9843aa4553753ca6a52e2f43d9dc441c5539d3c8157cebd92f92e616e0f78dd4d0b82ffef1474848ff2708a68ec8161b7cfdd81319ed9895b28

Score

1^/10

Malware Config

Signatures

Kills process with taskkill 1 IoCs

pid	Process
4896	taskkill.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4896	taskkill.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4972 wrote to memory of 4896	4972	cmd.exe	78
PID 4972 wrote to memory of 4896	4972	cmd.exe	78

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\bsod.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Windows\system32\taskkill.exe
  taskkill /im csrss.exe /f /t
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads