Overview

overview

10

Static

static

10

Cleaners/a...er.exe

windows10-2004-x64

9

Cleaners/a...rm.exe

windows10-2004-x64

7

Cleaners/clean1.bat

windows10-2004-x64

5

Cleaners/clean2.bat

windows10-2004-x64

4

Cleaners/clean3.bat

windows10-2004-x64

1

Cleaners/clean4.bat

windows10-2004-x64

1

Cleaners/clean5.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    91s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-05-2024 21:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Cleaners/clean4.bat

  • Size

    853KB

  • MD5

    d4c34b33b42ce1a0aa1227fa3a768124

  • SHA1

    796606e45d27fd332c6143f6f09cef3c8a522493

  • SHA256

    d2f5b505cd5a6baaabb9d1f51f6b5800139034db44e220f83b44cd66b3197b38

  • SHA512

    33ffd3944bfe182cfcd9f40bb73af997db37692f6a769953e931af24acbebaa2a698254860fc2095cd507d84a2437907016cc8d1bd3614cf6899f6428ef86ff1

  • SSDEEP

    6144:5tJVSIIgunYMX7GmOgDsMrODuUpW/kBkOR1:X6IIgunYMKmOgDsMrODuUpW/kBkOR1

Score
1/10

Malware Config

Signatures

  • Kills process with taskkill 11 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Cleaners\clean4.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:224
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im epicgameslauncher.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:4820
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:4616
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:3308
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping_BE.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:1452
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteLauncher.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:4756
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im UnrealCEFSubProcess.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2060
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im CEFProcess.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:3372
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im EasyAntiCheat.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:1436
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im BEService.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:3540
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im BEServices.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2992
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im BattleEye.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:4336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads