Overview

overview

7

Static

static

1

bsod.bat

windows7-x64

7

bsod.bat

windows10-1703-x64

7

bsod.bat

windows10-2004-x64

bsod.bat

windows11-21h2-x64

Analysis

  • max time kernel
    0s
  • max time network
    11s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-04-2024 12:56

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    bsod.bat

  • Size

    144B

  • MD5

    e70090414fd24337b70a715e92f36428

  • SHA1

    b00185d77630d080ce0d56d9a3fdf74ff52fdf35

  • SHA256

    78bdd9d13dbc4934446c0ac9482bb3b9c79261afcc360ad6019e9e81f046d7c0

  • SHA512

    c1738959dba6edbf65967a0ebb037987d7bf21534ad6a74094ce0b7d80360c478161a215bb9d343b18d1b62a96bfc8bbf68616b10be92fe4c9451cdb9d9d7f02

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\bsod.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:632
    • C:\Windows\system32\takeown.exe
      takeown /f C:\users\
      2⤵
      • Modifies file permissions
      PID:4036
    • C:\Windows\system32\timeout.exe
      timeout 99999999999999999999999999999999999999999999999999999999999999
      2⤵
      • Delays execution with timeout.exe
      PID:2620
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell wininit
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:5088
      • C:\Windows\system32\wininit.exe
        "C:\Windows\system32\wininit.exe"
        3⤵
          PID:2092

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5b45rwba.xt3.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • memory/5088-5-0x000001FB5AA10000-0x000001FB5AA32000-memory.dmp

      Filesize

      136KB

      Download

    • memory/5088-10-0x00007FFF7C670000-0x00007FFF7D131000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/5088-11-0x000001FB5AAD0000-0x000001FB5AAE0000-memory.dmp

      Filesize

      64KB

      Download