af087e44b9920b0dd59aac8a366a167d5f5457e608b6616450d73956294a9500

Analysis

max time kernel
139s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cleaners/clean2.bat
Size

854KB
MD5

181b6db3092989609f7878c4e51aa220
SHA1

c2f2eb7aa2ad301f76598164daaf04574846c58d
SHA256

798f56c1a6e8f546d57386f93fba2c138b687a002c89535e114ceb938a33970d
SHA512

e9ebfa63520d9b00516deb11cdfda317fcb8edeafb453001ee999ba0bfb06f0b80ff026ba5b80fe8d78d80313501e814f94070de5dfcbcba8d131591ea37ba4f
SSDEEP

6144:XtJlSvOPgunY1X7G4LsMrkDWUpWOlBkORX:9qvOPgunY1K4LsMrkDWUpWOlBkORX

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\ESENT\0407\esentprf.ini	cmd.exe
File opened for modification	C:\Windows\INF\mdmpace.inf	cmd.exe
File opened for modification	C:\Windows\INF\microsoft_bluetooth_hfp_ag.inf	cmd.exe
File opened for modification	C:\Windows\INF\UGTHRSVC\0411\gthrctr.ini	cmd.exe
File opened for modification	C:\Windows\INF\Windows Workflow Foundation 4.0.0.0\040C\PerfCounters_d.ini	cmd.exe
File opened for modification	C:\Windows\INF\c_mouse.inf	cmd.exe
File opened for modification	C:\Windows\INF\mssmbios.inf	cmd.exe
File opened for modification	C:\Windows\INF\SERVIC~3.0\0000\_ServiceModelServicePerfCounters_D.ini	cmd.exe
File opened for modification	C:\Windows\INF\ESENT\0409\esentprf.ini	cmd.exe
File opened for modification	C:\Windows\INF\wnetvsc_vfpp.inf	cmd.exe
File opened for modification	C:\Windows\INF\c_bluetooth.inf	cmd.exe
File opened for modification	C:\Windows\INF\dwup.inf	cmd.exe
File opened for modification	C:\Windows\INF\volmgr.inf	cmd.exe
File opened for modification	C:\Windows\INF\c_barcodescanner.inf	cmd.exe
File opened for modification	C:\Windows\INF\c_fshsm.inf	cmd.exe
File opened for modification	C:\Windows\INF\c_fsreplication.inf	cmd.exe
File opened for modification	C:\Windows\INF\hal.inf	cmd.exe
File opened for modification	C:\Windows\INF\wvmic_heartbeat.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmtron.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmvv.inf	cmd.exe
File opened for modification	C:\Windows\INF\buttonconverter.inf	cmd.exe
File opened for modification	C:\Windows\INF\c_holographic.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmatm2k.inf	cmd.exe
File opened for modification	C:\Windows\INF\microsoft_bluetooth_a2dp_src.inf	cmd.exe
File opened for modification	C:\Windows\INF\SERVIC~3.0\0409\_ServiceModelServicePerfCounters_D.ini	cmd.exe
File opened for modification	C:\Windows\INF\wsearchidxpi\0411\idxcntrs.ini	cmd.exe
File opened for modification	C:\Windows\INF\prnms005.inf	cmd.exe
File opened for modification	C:\Windows\INF\mbtr8897w81x64.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmc26a.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmcxhv6.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmdgitn.inf	cmd.exe
File opened for modification	C:\Windows\INF\netrast.inf	cmd.exe
File opened for modification	C:\Windows\INF\prnms002.inf	cmd.exe
File opened for modification	C:\Windows\INF\keyboard.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmcomp.inf	cmd.exe
File opened for modification	C:\Windows\INF\fdc.inf	cmd.exe
File opened for modification	C:\Windows\INF\halextpl080.inf	cmd.exe
File opened for modification	C:\Windows\INF\1394.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmcrtix.inf	cmd.exe
File opened for modification	C:\Windows\INF\sbp2.inf	cmd.exe
File opened for modification	C:\Windows\INF\rdyboost\0C0A\ReadyBoostPerfCounters.ini	cmd.exe
File opened for modification	C:\Windows\INF\RemoteAccess\0000\rasctrs.ini	cmd.exe
File opened for modification	C:\Windows\INF\c_fsencryption.inf	cmd.exe
File opened for modification	C:\Windows\INF\c_ucm.inf	cmd.exe
File opened for modification	C:\Windows\INF\LSM\040C\lagcounterdef.ini	cmd.exe
File opened for modification	C:\Windows\INF\mdmgl010.inf	cmd.exe
File opened for modification	C:\Windows\INF\multiprt.inf	cmd.exe
File opened for modification	C:\Windows\INF\netpacer.inf	cmd.exe
File opened for modification	C:\Windows\INF\hidbatt.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmmts.inf	cmd.exe
File opened for modification	C:\Windows\INF\netip6.inf	cmd.exe
File opened for modification	C:\Windows\INF\MSDTC\0000\msdtcprf.ini	cmd.exe
File opened for modification	C:\Windows\INF\ndisimplatformmp.inf	cmd.exe
File opened for modification	C:\Windows\INF\WINDOW~1.0\0409\PerfCounters_D.ini	cmd.exe
File opened for modification	C:\Windows\INF\c_fsinfrastructure.inf	cmd.exe
File opened for modification	C:\Windows\INF\nett4x64.inf	cmd.exe
File opened for modification	C:\Windows\INF\UGatherer\0C0A\gsrvctr.ini	cmd.exe
File opened for modification	C:\Windows\INF\c_fscopyprotection.inf	cmd.exe
File opened for modification	C:\Windows\INF\hdaudbus.inf	cmd.exe
File opened for modification	C:\Windows\INF\netathrx.inf	cmd.exe
File opened for modification	C:\Windows\INF\wvmic_kvpexchange.inf	cmd.exe
File opened for modification	C:\Windows\INF\.NET Data Provider for Oracle\0411\_DataOracleClientPerfCounters_shared12_neutral_d.ini	cmd.exe
File opened for modification	C:\Windows\INF\acpipagr.inf	cmd.exe
File opened for modification	C:\Windows\INF\c_hidclass.inf	cmd.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Cleaners\clean2.bat"
1⤵
- Drops file in Windows directory
PID:4616

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads