Analysis Overview
Score: 7/10
SHA256: 1824c0a88a597388f800a4bf589ae2bc70ac7969f504153ab757dd8360308de3
Threat Level: Shows suspicious behavior
The file D34TH 5.0 .bat was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks for this command that runs a batch script as administrator: net session >nul 2>&1 || (powershell start -verb runas '"%~0"' &exit /b)
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported: 2024-05-04 23:58
Signatures
Checks for this command that runs a batch script as administrator: net session >nul 2>&1 || (powershell start -verb runas '"%~0"' &exit /b)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-04 23:58
Reported: 2024-05-05 00:01
Platform: win11-20240426-en
Max time kernel: 93s
Max time network: 94s
Command Line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\D34TH 5.0 .bat"
Signatures
N/A
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\D34TH 5.0 .bat"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
N/A