c0e61a73129505b65afd347cf6c47aa6452b1067100d919680439700eaefdc48

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 09:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

start.bat
Size

293B
MD5

be680fad4dc8489156ff4de4840debb3
SHA1

036291ed70acf301d818fe67006b0ba79a316d5c
SHA256

10ebe45a2c765ab62585acc7b6c854b7870d74cfd884e7a3ca445ba0e42365bb
SHA512

4703b6dfc9950608e17902e750f1fd9b98537142d7ef239531d1e9c00fbb1e3fa33d974177d4d0db895f6cd0943433cdda7e88926e333159bed309cef17042e5

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 31 IoCs

evasion

pid	Process
3940	timeout.exe
1684	timeout.exe
4388	timeout.exe
1260	timeout.exe
2076	timeout.exe
5004	timeout.exe
3584	timeout.exe
1408	timeout.exe
3876	timeout.exe
2940	timeout.exe
4132	timeout.exe
1892	timeout.exe
1284	timeout.exe
2416	timeout.exe
4536	timeout.exe
4648	timeout.exe
4852	timeout.exe
2856	timeout.exe
1976	timeout.exe
2300	timeout.exe
4964	timeout.exe
1036	timeout.exe
3784	timeout.exe
408	timeout.exe
3256	timeout.exe
4888	timeout.exe
2476	timeout.exe
8	timeout.exe
2344	timeout.exe
4456	timeout.exe
4184	timeout.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 2868	4616	cmd.exe	92
PID 4616 wrote to memory of 2868	4616	cmd.exe	92
PID 4616 wrote to memory of 4888	4616	cmd.exe	93
PID 4616 wrote to memory of 4888	4616	cmd.exe	93
PID 4616 wrote to memory of 4088	4616	cmd.exe	97
PID 4616 wrote to memory of 4088	4616	cmd.exe	97
PID 4616 wrote to memory of 4536	4616	cmd.exe	98
PID 4616 wrote to memory of 4536	4616	cmd.exe	98
PID 4616 wrote to memory of 3308	4616	cmd.exe	100
PID 4616 wrote to memory of 3308	4616	cmd.exe	100
PID 4616 wrote to memory of 2856	4616	cmd.exe	101
PID 4616 wrote to memory of 2856	4616	cmd.exe	101
PID 4616 wrote to memory of 3120	4616	cmd.exe	103
PID 4616 wrote to memory of 3120	4616	cmd.exe	103
PID 4616 wrote to memory of 2940	4616	cmd.exe	104
PID 4616 wrote to memory of 2940	4616	cmd.exe	104
PID 4616 wrote to memory of 2156	4616	cmd.exe	105
PID 4616 wrote to memory of 2156	4616	cmd.exe	105
PID 4616 wrote to memory of 2476	4616	cmd.exe	106
PID 4616 wrote to memory of 2476	4616	cmd.exe	106
PID 4616 wrote to memory of 4032	4616	cmd.exe	107
PID 4616 wrote to memory of 4032	4616	cmd.exe	107
PID 4616 wrote to memory of 4132	4616	cmd.exe	108
PID 4616 wrote to memory of 4132	4616	cmd.exe	108
PID 4616 wrote to memory of 4608	4616	cmd.exe	110
PID 4616 wrote to memory of 4608	4616	cmd.exe	110
PID 4616 wrote to memory of 1036	4616	cmd.exe	111
PID 4616 wrote to memory of 1036	4616	cmd.exe	111
PID 4616 wrote to memory of 3512	4616	cmd.exe	113
PID 4616 wrote to memory of 3512	4616	cmd.exe	113
PID 4616 wrote to memory of 1284	4616	cmd.exe	114
PID 4616 wrote to memory of 1284	4616	cmd.exe	114
PID 4616 wrote to memory of 3408	4616	cmd.exe	115
PID 4616 wrote to memory of 3408	4616	cmd.exe	115
PID 4616 wrote to memory of 1976	4616	cmd.exe	116
PID 4616 wrote to memory of 1976	4616	cmd.exe	116
PID 4616 wrote to memory of 824	4616	cmd.exe	119
PID 4616 wrote to memory of 824	4616	cmd.exe	119
PID 4616 wrote to memory of 2300	4616	cmd.exe	120
PID 4616 wrote to memory of 2300	4616	cmd.exe	120
PID 4616 wrote to memory of 3224	4616	cmd.exe	123
PID 4616 wrote to memory of 3224	4616	cmd.exe	123
PID 4616 wrote to memory of 3940	4616	cmd.exe	124
PID 4616 wrote to memory of 3940	4616	cmd.exe	124
PID 4616 wrote to memory of 644	4616	cmd.exe	126
PID 4616 wrote to memory of 644	4616	cmd.exe	126
PID 4616 wrote to memory of 5004	4616	cmd.exe	127
PID 4616 wrote to memory of 5004	4616	cmd.exe	127
PID 4616 wrote to memory of 4336	4616	cmd.exe	128
PID 4616 wrote to memory of 4336	4616	cmd.exe	128
PID 4616 wrote to memory of 4648	4616	cmd.exe	129
PID 4616 wrote to memory of 4648	4616	cmd.exe	129
PID 4616 wrote to memory of 2280	4616	cmd.exe	130
PID 4616 wrote to memory of 2280	4616	cmd.exe	130
PID 4616 wrote to memory of 3784	4616	cmd.exe	131
PID 4616 wrote to memory of 3784	4616	cmd.exe	131
PID 4616 wrote to memory of 3564	4616	cmd.exe	132
PID 4616 wrote to memory of 3564	4616	cmd.exe	132
PID 4616 wrote to memory of 1684	4616	cmd.exe	133
PID 4616 wrote to memory of 1684	4616	cmd.exe	133
PID 4616 wrote to memory of 3120	4616	cmd.exe	134
PID 4616 wrote to memory of 3120	4616	cmd.exe	134
PID 4616 wrote to memory of 4388	4616	cmd.exe	135
PID 4616 wrote to memory of 4388	4616	cmd.exe	135

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\start.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:2868
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:4888
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:4088
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:4536
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:3308
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:2856
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:3120
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:2940
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:2156
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:2476
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:4032
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:4132
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:4608
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:1036
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:3512
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:1284
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:3408
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:1976
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:824
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:2300
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:3224
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:3940
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:644
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:5004
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:4336
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:4648
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:2280
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:3784
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:3564
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:1684
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:3120
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:4388
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:1104
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:4964
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:640
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:408
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:1076
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:2416
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:1204
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:3584
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:4492
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:1260
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:1120
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:1892
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:4668
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:1408
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:2152
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:8
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:3916
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:2344
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:3900
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:3876
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:824
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:4456
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:4080
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:2076
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:4008
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:4852
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:2860
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:4184
- C:\Users\Admin\AppData\Local\Temp\wildrig.exe
  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
  2⤵
  PID:1548
- C:\Windows\system32\timeout.exe
  timeout /t 5
  2⤵
  - Delays execution with timeout.exe
  PID:3256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1288,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=4160 /prefetch:8
1⤵
PID:2852

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads