ba79697437122bfa4403011cbd2e922297f95d52b17d90f9e4ef387cada1f025

Analysis

max time kernel
447s
max time network
449s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
04/05/2024, 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Scanner.bat
Size

3KB
MD5

b098270c971394dc612ac8dc551148c2
SHA1

3542a6fd4b603a211deb7cf408f7aa0c3e18e116
SHA256

ba79697437122bfa4403011cbd2e922297f95d52b17d90f9e4ef387cada1f025
SHA512

4815319cf9b17c3f0b8dfe9b8382099e892c439b260be716e74bbdcaff8cd255b45b13c36472adeaa29020ff2067da02fa14d5018957b866873086aa19735028

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 16 IoCs

evasion

pid	Process
1844	timeout.exe
3068	timeout.exe
2108	timeout.exe
1984	timeout.exe
3700	timeout.exe
904	timeout.exe
1368	timeout.exe
1740	timeout.exe
2720	timeout.exe
4464	timeout.exe
4084	timeout.exe
1384	timeout.exe
3892	timeout.exe
668	timeout.exe
1156	timeout.exe
1208	timeout.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 3892	4940	cmd.exe	79
PID 4940 wrote to memory of 3892	4940	cmd.exe	79
PID 4940 wrote to memory of 668	4940	cmd.exe	80
PID 4940 wrote to memory of 668	4940	cmd.exe	80
PID 4940 wrote to memory of 904	4940	cmd.exe	81
PID 4940 wrote to memory of 904	4940	cmd.exe	81
PID 4940 wrote to memory of 1156	4940	cmd.exe	82
PID 4940 wrote to memory of 1156	4940	cmd.exe	82
PID 4940 wrote to memory of 1844	4940	cmd.exe	83
PID 4940 wrote to memory of 1844	4940	cmd.exe	83
PID 4940 wrote to memory of 1368	4940	cmd.exe	84
PID 4940 wrote to memory of 1368	4940	cmd.exe	84
PID 4940 wrote to memory of 4084	4940	cmd.exe	85
PID 4940 wrote to memory of 4084	4940	cmd.exe	85
PID 4940 wrote to memory of 1740	4940	cmd.exe	86
PID 4940 wrote to memory of 1740	4940	cmd.exe	86
PID 4940 wrote to memory of 3068	4940	cmd.exe	87
PID 4940 wrote to memory of 3068	4940	cmd.exe	87
PID 4940 wrote to memory of 1384	4940	cmd.exe	88
PID 4940 wrote to memory of 1384	4940	cmd.exe	88
PID 4940 wrote to memory of 1208	4940	cmd.exe	89
PID 4940 wrote to memory of 1208	4940	cmd.exe	89
PID 4940 wrote to memory of 2720	4940	cmd.exe	90
PID 4940 wrote to memory of 2720	4940	cmd.exe	90
PID 4940 wrote to memory of 2108	4940	cmd.exe	91
PID 4940 wrote to memory of 2108	4940	cmd.exe	91
PID 4940 wrote to memory of 1984	4940	cmd.exe	92
PID 4940 wrote to memory of 1984	4940	cmd.exe	92
PID 4940 wrote to memory of 4464	4940	cmd.exe	93
PID 4940 wrote to memory of 4464	4940	cmd.exe	93
PID 4940 wrote to memory of 3700	4940	cmd.exe	94
PID 4940 wrote to memory of 3700	4940	cmd.exe	94

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Scanner.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3892
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:668
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:904
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1156
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1844
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1368
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4084
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1740
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3068
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1384
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1208
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:2720
- C:\Windows\system32\timeout.exe
  timeout /t 10
  2⤵
  - Delays execution with timeout.exe
  PID:2108
- C:\Windows\system32\timeout.exe
  timeout /t 10
  2⤵
  - Delays execution with timeout.exe
  PID:1984
- C:\Windows\system32\timeout.exe
  timeout /t 10
  2⤵
  - Delays execution with timeout.exe
  PID:4464
- C:\Windows\system32\timeout.exe
  timeout /t 10
  2⤵
  - Delays execution with timeout.exe
  PID:3700

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads