90eb658e0e480ffa26e03d39b51303dda3351190b3f67a8757407eb2c22e02ba

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
28-04-2024 15:14

Target

aimware.bat
Size

786B
MD5

856eb0da59bbc3456627714fa074f7d0
SHA1

72adf7de1fea3e271737e0efd8985da99077c7a8
SHA256

90eb658e0e480ffa26e03d39b51303dda3351190b3f67a8757407eb2c22e02ba
SHA512

fbe2c44793a2f1f00b2d61848f91fa53ba0b3ec78db1ce03b662d770d458a7cfd0ac32a57bfc872a0c7af7011cfcb8c66138ecd64396593d3eae0323394e24eb

Score

1^/10

Kills process with taskkill 1 IoCs

evasion

pid	Process
2568	taskkill.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2568	taskkill.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 2348	2944	cmd.exe	29
PID 2944 wrote to memory of 2348	2944	cmd.exe	29
PID 2944 wrote to memory of 2348	2944	cmd.exe	29
PID 2944 wrote to memory of 2428	2944	cmd.exe	30
PID 2944 wrote to memory of 2428	2944	cmd.exe	30
PID 2944 wrote to memory of 2428	2944	cmd.exe	30
PID 2944 wrote to memory of 2568	2944	cmd.exe	31
PID 2944 wrote to memory of 2568	2944	cmd.exe	31
PID 2944 wrote to memory of 2568	2944	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\aimware.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Windows\system32\cscript.exe
  cscript //nologo error.vbs
  2⤵
  PID:2348
- C:\Windows\system32\cscript.exe
  cscript //nologo error2.vbs
  2⤵
  PID:2428
- C:\Windows\system32\taskkill.exe
  taskkill /f /im ntoskrnl.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2568

C:\Users\Admin\AppData\Local\Temp\error.vbs

Filesize
127B

MD5
c270a0e3d7fdfc96b067c92bcdac5545

SHA1
0c987e24ed4b6db10e542a9667f154a9f9513613

SHA256
3a28b84cda6cc0847552bd99ce4a63579d1b732ee86023160058c40847274131

SHA512
2e268090f5279bff5174b1982836646993f8cd3644a93f40530ba1721782f330f0ccfbfd2843198e188a11891060cbd03670a0ecefde3d723dc6a00cf607f76d

Download Submit
C:\Users\Admin\AppData\Local\Temp\error2.vbs

Filesize
141B

MD5
b4d1ce07344df9b9a9443fc4490eb28f

SHA1
3e073c3d5ecb5ec1f314a8f96003f817750bb519

SHA256
0f3fad417d62ab904c802d5216ed6049a1a9049e0e766a0c90855336fabc2de0

SHA512
448343219dc12269f5e4c92dd594bc0579b75566efe3d242e5c0030e995087ffd6af9e1bead6202e65b96467e76fa4a2e5609c5a158e904b97954efa3617e253

Download Submit