54a868ceffe1ed2a31a6e481d4e878a01135778f5cd1f2b5ca5380b42652766d

Analysis

max time kernel
114s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

du - copia.bat
Size

27B
MD5

e0d015fbd6ba3dd77fdd0a5c6299f922
SHA1

dfbfa6c18923a9bf3bafb854197de22f99f14468
SHA256

54a868ceffe1ed2a31a6e481d4e878a01135778f5cd1f2b5ca5380b42652766d
SHA512

286715e076d975112123c43d4eb196271146abb1afb6d449ae3829a0d91c91dd31ecef356e08fc11c957711dd41b9439b5b57b654e08ecb43f3ce2010a364145

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	13956	taskmgr.exe
Token: SeSystemProfilePrivilege	13956	taskmgr.exe
Token: SeCreateGlobalPrivilege	13956	taskmgr.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe

Suspicious use of SendNotifyMessage 54 IoCs

pid	Process
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe
13956	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4132 wrote to memory of 652	4132	cmd.exe	81
PID 4132 wrote to memory of 652	4132	cmd.exe	81
PID 4132 wrote to memory of 3892	4132	cmd.exe	83
PID 4132 wrote to memory of 3892	4132	cmd.exe	83
PID 4132 wrote to memory of 4848	4132	cmd.exe	84
PID 4132 wrote to memory of 4848	4132	cmd.exe	84
PID 4132 wrote to memory of 3884	4132	cmd.exe	85
PID 4132 wrote to memory of 3884	4132	cmd.exe	85
PID 4132 wrote to memory of 3628	4132	cmd.exe	86
PID 4132 wrote to memory of 3628	4132	cmd.exe	86
PID 4132 wrote to memory of 3076	4132	cmd.exe	87
PID 4132 wrote to memory of 3076	4132	cmd.exe	87
PID 4132 wrote to memory of 3560	4132	cmd.exe	88
PID 4132 wrote to memory of 3560	4132	cmd.exe	88
PID 4132 wrote to memory of 4912	4132	cmd.exe	89
PID 4132 wrote to memory of 4912	4132	cmd.exe	89
PID 4132 wrote to memory of 1048	4132	cmd.exe	91
PID 4132 wrote to memory of 1048	4132	cmd.exe	91
PID 4132 wrote to memory of 4668	4132	cmd.exe	92
PID 4132 wrote to memory of 4668	4132	cmd.exe	92
PID 4132 wrote to memory of 5052	4132	cmd.exe	93
PID 4132 wrote to memory of 5052	4132	cmd.exe	93
PID 4132 wrote to memory of 4220	4132	cmd.exe	94
PID 4132 wrote to memory of 4220	4132	cmd.exe	94
PID 4132 wrote to memory of 1880	4132	cmd.exe	95
PID 4132 wrote to memory of 1880	4132	cmd.exe	95
PID 4132 wrote to memory of 668	4132	cmd.exe	97
PID 4132 wrote to memory of 668	4132	cmd.exe	97
PID 4132 wrote to memory of 1852	4132	cmd.exe	99
PID 4132 wrote to memory of 1852	4132	cmd.exe	99
PID 4132 wrote to memory of 1564	4132	cmd.exe	102
PID 4132 wrote to memory of 1564	4132	cmd.exe	102
PID 4132 wrote to memory of 2964	4132	cmd.exe	104
PID 4132 wrote to memory of 2964	4132	cmd.exe	104
PID 4132 wrote to memory of 2052	4132	cmd.exe	105
PID 4132 wrote to memory of 2052	4132	cmd.exe	105
PID 4132 wrote to memory of 4336	4132	cmd.exe	106
PID 4132 wrote to memory of 4336	4132	cmd.exe	106
PID 4132 wrote to memory of 3324	4132	cmd.exe	110
PID 4132 wrote to memory of 3324	4132	cmd.exe	110
PID 4132 wrote to memory of 2576	4132	cmd.exe	113
PID 4132 wrote to memory of 2576	4132	cmd.exe	113
PID 4132 wrote to memory of 4712	4132	cmd.exe	115
PID 4132 wrote to memory of 4712	4132	cmd.exe	115
PID 4132 wrote to memory of 768	4132	cmd.exe	116
PID 4132 wrote to memory of 768	4132	cmd.exe	116
PID 4132 wrote to memory of 1152	4132	cmd.exe	119
PID 4132 wrote to memory of 1152	4132	cmd.exe	119
PID 4132 wrote to memory of 1560	4132	cmd.exe	120
PID 4132 wrote to memory of 1560	4132	cmd.exe	120
PID 4132 wrote to memory of 2940	4132	cmd.exe	123
PID 4132 wrote to memory of 2940	4132	cmd.exe	123
PID 4132 wrote to memory of 2784	4132	cmd.exe	125
PID 4132 wrote to memory of 2784	4132	cmd.exe	125
PID 4132 wrote to memory of 3984	4132	cmd.exe	127
PID 4132 wrote to memory of 3984	4132	cmd.exe	127
PID 4132 wrote to memory of 3968	4132	cmd.exe	129
PID 4132 wrote to memory of 3968	4132	cmd.exe	129
PID 4132 wrote to memory of 3024	4132	cmd.exe	131
PID 4132 wrote to memory of 3024	4132	cmd.exe	131
PID 4132 wrote to memory of 4792	4132	cmd.exe	133
PID 4132 wrote to memory of 4792	4132	cmd.exe	133
PID 4132 wrote to memory of 3108	4132	cmd.exe	134
PID 4132 wrote to memory of 3108	4132	cmd.exe	134

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\du - copia.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4132
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:652
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3892
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4848
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3884
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3628
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3076
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3560
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4912
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1048
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4668
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5052
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4220
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1880
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:668
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1852
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1564
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2964
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2052
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4336
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3324
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2576
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4712
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:768
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1152
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1560
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2940
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2784
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3984
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3968
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3024
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4792
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3108
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1460
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1428
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4676
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:972
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:536
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2696
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2888
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2032
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2736
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2420
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4724
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3508
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4264
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3388
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2604
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2676
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5188
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5196
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5204
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5220
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5260
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5268
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5288
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5308
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5316
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5328
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5356
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5368
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5376
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5396
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5420
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5440
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5468
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5476
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5484
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5492
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5500
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5532
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5556
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5572
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5580
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5588
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5596
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5612
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5620
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5648
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5668
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5676
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5684
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5716
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5740
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5764
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5796
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5812
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5840
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5880
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5904
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5924
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5936
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5944
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5952
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5972
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5992
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6020
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6048
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6072
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6096
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6104
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6132
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5248
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5464
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5728
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6160
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6176
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6204
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6232
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6252
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6284
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6312
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6320
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6344
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6364
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6384
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6412
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6440
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6472
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6492
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6500
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6524
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6552
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6568
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6600
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6624
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6644
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6668
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6692
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6716
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6740
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6760
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6788
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6820
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6844
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6860
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6868
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6904
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6924
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6952
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6976
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6996
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7016
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7044
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7060
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7072
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7084
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7096
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7112
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7124
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7136
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7152
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7164
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5876
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6148
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6304
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7184
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7200
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7224
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7264
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7292
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7324
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7360
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7392
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7412
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7452
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7476
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7508
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7552
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7580
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7616
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7640
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7668
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7688
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7712
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7736
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7760
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:7784
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:8344
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:10316
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:10756
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:10772
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:10800
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:10832
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:10852
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:10888
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:10904
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:10932
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11124
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11140
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11156
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11172
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11188
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11228
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11252
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4764
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:10080
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11200
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11284
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11300
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11328
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11344
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11376
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11408
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11776
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11820
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11836
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11852
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11876
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11896
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11912
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11932
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11944
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11976
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:12036
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:12188
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5116
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11428
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11864
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:11988
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:12060
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:12312
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:12332

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:13956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/13956-0-0x0000024B1FF80000-0x0000024B1FF81000-memory.dmp

Filesize
4KB

Download
memory/13956-2-0x0000024B1FF80000-0x0000024B1FF81000-memory.dmp

Filesize
4KB

Download
memory/13956-1-0x0000024B1FF80000-0x0000024B1FF81000-memory.dmp

Filesize
4KB

Download
memory/13956-12-0x0000024B1FF80000-0x0000024B1FF81000-memory.dmp

Filesize
4KB

Download
memory/13956-11-0x0000024B1FF80000-0x0000024B1FF81000-memory.dmp

Filesize
4KB

Download
memory/13956-10-0x0000024B1FF80000-0x0000024B1FF81000-memory.dmp

Filesize
4KB

Download
memory/13956-9-0x0000024B1FF80000-0x0000024B1FF81000-memory.dmp

Filesize
4KB

Download
memory/13956-8-0x0000024B1FF80000-0x0000024B1FF81000-memory.dmp

Filesize
4KB

Download
memory/13956-7-0x0000024B1FF80000-0x0000024B1FF81000-memory.dmp

Filesize
4KB

Download
memory/13956-6-0x0000024B1FF80000-0x0000024B1FF81000-memory.dmp

Filesize
4KB

Download