44f8066f26221811ada486cd0182f6d264eda747f67f42245bae9265a28180c4

General

Target

iubhnuerfwiuherwfiuhewfiuhewfiuiuefwuihefwuihewfuhewfuewfueuwfhi.bat
Size

583B
MD5

a88236b393cbea80f72d29785be483c3
SHA1

6ebf04c2270e2738f7c6d2ccb4f2eb2d38335f1f
SHA256

278fa8d4fb12b506bb712bc9a5562bc1718f88a0a53899ffe479b51c6bf55cf2
SHA512

fdd5202f6569e4822d3148417153d5b0e1446b731f162ace04f78a726d77555e6b5e9856be8c34f3fc046ba960d88084fb550adf155a496d01e6c97665da4aca

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 22 IoCs

evasion

Processes:

timeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exe

pid	process
4456	timeout.exe
3704	timeout.exe
964	timeout.exe
228	timeout.exe
4120	timeout.exe
4372	timeout.exe
5068	timeout.exe
376	timeout.exe
908	timeout.exe
2304	timeout.exe
2020	timeout.exe
1840	timeout.exe
216	timeout.exe
3316	timeout.exe
2964	timeout.exe
4884	timeout.exe
1404	timeout.exe
2128	timeout.exe
4088	timeout.exe
448	timeout.exe
2620	timeout.exe
4564	timeout.exe

Suspicious use of WriteProcessMemory 44 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 4964 wrote to memory of 228	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 228	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 4884	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 4884	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 1404	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 1404	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 908	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 908	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 4456	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 4456	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 3704	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 3704	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 4120	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 4120	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 2304	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 2304	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 2128	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 2128	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 4088	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 4088	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 2020	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 2020	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 448	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 448	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 964	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 964	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 4372	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 4372	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 1840	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 1840	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 216	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 216	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 3316	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 3316	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 2964	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 2964	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 2620	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 2620	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 4564	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 4564	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 5068	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 5068	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 376	4964	cmd.exe	timeout.exe
PID 4964 wrote to memory of 376	4964	cmd.exe	timeout.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\iubhnuerfwiuherwfiuhewfiuhewfiuiuefwuihefwuihewfuhewfuewfueuwfhi.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4964

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:228

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:4884

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:1404

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:908

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:4456

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:3704

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:4120

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:2304

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:2128

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:4088

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:2020

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:448

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:964

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:4372

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:1840

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:216

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:3316

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:2964

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:2620

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:4564

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:5068

C:\Windows\system32\timeout.exe
timeout 1
2⤵
- Delays execution with timeout.exe
PID:376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4240 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
1⤵
PID:1920

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads