44f8066f26221811ada486cd0182f6d264eda747f67f42245bae9265a28180c4

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

iubhnuerfwiuherwfiuhewfiuhewfiuiuefwuihefwuihewfuhewfuewfueuwfhi.bat
Size

583B
MD5

a88236b393cbea80f72d29785be483c3
SHA1

6ebf04c2270e2738f7c6d2ccb4f2eb2d38335f1f
SHA256

278fa8d4fb12b506bb712bc9a5562bc1718f88a0a53899ffe479b51c6bf55cf2
SHA512

fdd5202f6569e4822d3148417153d5b0e1446b731f162ace04f78a726d77555e6b5e9856be8c34f3fc046ba960d88084fb550adf155a496d01e6c97665da4aca

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 22 IoCs

evasion

pid	Process
4456	timeout.exe
3704	timeout.exe
964	timeout.exe
228	timeout.exe
4120	timeout.exe
4372	timeout.exe
5068	timeout.exe
376	timeout.exe
908	timeout.exe
2304	timeout.exe
2020	timeout.exe
1840	timeout.exe
216	timeout.exe
3316	timeout.exe
2964	timeout.exe
4884	timeout.exe
1404	timeout.exe
2128	timeout.exe
4088	timeout.exe
448	timeout.exe
2620	timeout.exe
4564	timeout.exe

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 228	4964	cmd.exe	90
PID 4964 wrote to memory of 228	4964	cmd.exe	90
PID 4964 wrote to memory of 4884	4964	cmd.exe	92
PID 4964 wrote to memory of 4884	4964	cmd.exe	92
PID 4964 wrote to memory of 1404	4964	cmd.exe	93
PID 4964 wrote to memory of 1404	4964	cmd.exe	93
PID 4964 wrote to memory of 908	4964	cmd.exe	94
PID 4964 wrote to memory of 908	4964	cmd.exe	94
PID 4964 wrote to memory of 4456	4964	cmd.exe	95
PID 4964 wrote to memory of 4456	4964	cmd.exe	95
PID 4964 wrote to memory of 3704	4964	cmd.exe	96
PID 4964 wrote to memory of 3704	4964	cmd.exe	96
PID 4964 wrote to memory of 4120	4964	cmd.exe	97
PID 4964 wrote to memory of 4120	4964	cmd.exe	97
PID 4964 wrote to memory of 2304	4964	cmd.exe	98
PID 4964 wrote to memory of 2304	4964	cmd.exe	98
PID 4964 wrote to memory of 2128	4964	cmd.exe	99
PID 4964 wrote to memory of 2128	4964	cmd.exe	99
PID 4964 wrote to memory of 4088	4964	cmd.exe	100
PID 4964 wrote to memory of 4088	4964	cmd.exe	100
PID 4964 wrote to memory of 2020	4964	cmd.exe	101
PID 4964 wrote to memory of 2020	4964	cmd.exe	101
PID 4964 wrote to memory of 448	4964	cmd.exe	102
PID 4964 wrote to memory of 448	4964	cmd.exe	102
PID 4964 wrote to memory of 964	4964	cmd.exe	105
PID 4964 wrote to memory of 964	4964	cmd.exe	105
PID 4964 wrote to memory of 4372	4964	cmd.exe	107
PID 4964 wrote to memory of 4372	4964	cmd.exe	107
PID 4964 wrote to memory of 1840	4964	cmd.exe	109
PID 4964 wrote to memory of 1840	4964	cmd.exe	109
PID 4964 wrote to memory of 216	4964	cmd.exe	110
PID 4964 wrote to memory of 216	4964	cmd.exe	110
PID 4964 wrote to memory of 3316	4964	cmd.exe	111
PID 4964 wrote to memory of 3316	4964	cmd.exe	111
PID 4964 wrote to memory of 2964	4964	cmd.exe	113
PID 4964 wrote to memory of 2964	4964	cmd.exe	113
PID 4964 wrote to memory of 2620	4964	cmd.exe	114
PID 4964 wrote to memory of 2620	4964	cmd.exe	114
PID 4964 wrote to memory of 4564	4964	cmd.exe	115
PID 4964 wrote to memory of 4564	4964	cmd.exe	115
PID 4964 wrote to memory of 5068	4964	cmd.exe	118
PID 4964 wrote to memory of 5068	4964	cmd.exe	118
PID 4964 wrote to memory of 376	4964	cmd.exe	119
PID 4964 wrote to memory of 376	4964	cmd.exe	119

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\iubhnuerfwiuherwfiuhewfiuhewfiuiuefwuihefwuihewfuhewfuewfueuwfhi.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:228
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:4884
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1404
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:908
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:4456
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:3704
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:4120
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2304
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2128
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:4088
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2020
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:448
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:964
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:4372
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:1840
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:216
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:3316
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2964
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2620
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:4564
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:5068
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4240 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
1⤵
PID:1920

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads