af087e44b9920b0dd59aac8a366a167d5f5457e608b6616450d73956294a9500

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 07:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cleaners/clean2.bat
Size

854KB
MD5

181b6db3092989609f7878c4e51aa220
SHA1

c2f2eb7aa2ad301f76598164daaf04574846c58d
SHA256

798f56c1a6e8f546d57386f93fba2c138b687a002c89535e114ceb938a33970d
SHA512

e9ebfa63520d9b00516deb11cdfda317fcb8edeafb453001ee999ba0bfb06f0b80ff026ba5b80fe8d78d80313501e814f94070de5dfcbcba8d131591ea37ba4f
SSDEEP

6144:XtJlSvOPgunY1X7G4LsMrkDWUpWOlBkORX:9qvOPgunY1K4LsMrkDWUpWOlBkORX

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\c_keyboard.inf	cmd.exe
File opened for modification	C:\Windows\INF\MSDTCB~1.0\0410\_TransactionBridgePerfCounters_D.ini	cmd.exe
File opened for modification	C:\Windows\INF\net7800-x64-n650f.inf	cmd.exe
File opened for modification	C:\Windows\INF\SERVIC~2.0\0410\_ServiceModelOperationPerfCounters_D.ini	cmd.exe
File opened for modification	C:\Windows\INF\rt640x64.inf	cmd.exe
File opened for modification	C:\Windows\INF\UGTHRSVC\0409\gthrctr.ini	cmd.exe
File opened for modification	C:\Windows\INF\wpdcomp.inf	cmd.exe
File opened for modification	C:\Windows\INF\.NET Data Provider for SqlServer\0000\_dataperfcounters_shared12_neutral_d.ini	cmd.exe
File opened for modification	C:\Windows\INF\c_fscfsmetadataserver.inf	cmd.exe
File opened for modification	C:\Windows\INF\c_scmdisk.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmmct.inf	cmd.exe
File opened for modification	C:\Windows\INF\c_receiptprinter.inf	cmd.exe
File opened for modification	C:\Windows\INF\mlx4_bus.inf	cmd.exe
File opened for modification	C:\Windows\INF\UGTHRSVC\0C0A\gthrctr.ini	cmd.exe
File opened for modification	C:\Windows\INF\mdmusrsp.inf	cmd.exe
File opened for modification	C:\Windows\INF\netbrdg.inf	cmd.exe
File opened for modification	C:\Windows\INF\TAPISRV\0409\tapiperf.ini	cmd.exe
File opened for modification	C:\Windows\INF\rndiscmp.inf	cmd.exe
File opened for modification	C:\Windows\INF\sensorsservicedriver.inf	cmd.exe
File opened for modification	C:\Windows\INF\tsprint.inf	cmd.exe
File opened for modification	C:\Windows\INF\usbhub\0407\usbperf.ini	cmd.exe
File opened for modification	C:\Windows\INF\.NET CLR Networking\0410\_Networkingperfcounters_v2_d.ini	cmd.exe
File opened for modification	C:\Windows\INF\mdminfot.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmtdkj3.inf	cmd.exe
File opened for modification	C:\Windows\INF\pmem.inf	cmd.exe
File opened for modification	C:\Windows\INF\.NET Memory Cache 4.0\netmemorycache.ini	cmd.exe
File opened for modification	C:\Windows\INF\SERVIC~3.0\0407\_ServiceModelServicePerfCounters_D.ini	cmd.exe
File opened for modification	C:\Windows\INF\UGatherer\0407\gsrvctr.ini	cmd.exe
File opened for modification	C:\Windows\INF\c_usbfn.inf	cmd.exe
File opened for modification	C:\Windows\INF\rdyboost\0410\ReadyBoostPerfCounters.ini	cmd.exe
File opened for modification	C:\Windows\INF\.NET Data Provider for SqlServer\040C\_dataperfcounters_shared12_neutral_d.ini	cmd.exe
File opened for modification	C:\Windows\INF\c_extension.inf	cmd.exe
File opened for modification	C:\Windows\INF\microsoft_bluetooth_a2dp_src.inf	cmd.exe
File opened for modification	C:\Windows\INF\wvmic_ext.inf	cmd.exe
File opened for modification	C:\Windows\INF\netathr10x.inf	cmd.exe
File opened for modification	C:\Windows\INF\Windows Workflow Foundation 4.0.0.0\PerfCounters.h	cmd.exe
File opened for modification	C:\Windows\INF\wstorvsc.inf	cmd.exe
File opened for modification	C:\Windows\INF\wudfusbcciddriver.inf	cmd.exe
File opened for modification	C:\Windows\INF\nettcpip.inf	cmd.exe
File opened for modification	C:\Windows\INF\c_multifunction.inf	cmd.exe
File opened for modification	C:\Windows\INF\c_smrvolume.inf	cmd.exe
File opened for modification	C:\Windows\INF\HidTelephonyDriver.inf	cmd.exe
File opened for modification	C:\Windows\INF\netsstpa.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmgl006.inf	cmd.exe
File opened for modification	C:\Windows\INF\vstxraid.inf	cmd.exe
File opened for modification	C:\Windows\INF\wsearchidxpi\0411\idxcntrs.ini	cmd.exe
File opened for modification	C:\Windows\INF\TermService\0407\tslabels.ini	cmd.exe
File opened for modification	C:\Windows\INF\ts_generic.inf	cmd.exe
File opened for modification	C:\Windows\INF\c_floppydisk.inf	cmd.exe
File opened for modification	C:\Windows\INF\c_fscompression.inf	cmd.exe
File opened for modification	C:\Windows\INF\c_memory.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmpp.inf	cmd.exe
File opened for modification	C:\Windows\INF\.NET CLR Networking 4.0.0.0\0C0A\_Networkingperfcounters_d.ini	cmd.exe
File opened for modification	C:\Windows\INF\usbhub\0000\usbperf.ini	cmd.exe
File opened for modification	C:\Windows\INF\wgencounter.inf	cmd.exe
File opened for modification	C:\Windows\INF\.NET CLR Data\0000\_DataPerfCounters_d.ini	cmd.exe
File opened for modification	C:\Windows\INF\BITS\0410\bitsctrs.ini	cmd.exe
File opened for modification	C:\Windows\INF\BITS\0411\bitsctrs.ini	cmd.exe
File opened for modification	C:\Windows\INF\uiccspb.inf	cmd.exe
File opened for modification	C:\Windows\INF\netxex64.inf	cmd.exe
File opened for modification	C:\Windows\INF\sti.inf	cmd.exe
File opened for modification	C:\Windows\INF\.NET CLR Data\0C0A\_DataPerfCounters_d.ini	cmd.exe
File opened for modification	C:\Windows\INF\basicdisplay.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmtdkj5.inf	cmd.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Cleaners\clean2.bat"
1⤵
- Drops file in Windows directory
PID:4776

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads