350bbf9c1188c31014d4bfa8fa41fdd75a3accdcbd6d3d9246f95990054bd1e2

Analysis

max time kernel
1485s
max time network
1500s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
15-07-2024 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Club Penguin.bat
Size

487B
MD5

f78efed166212c96ecaa8e5a5a30b1de
SHA1

31d53e1bf938b97e4a5ece951db22b404ac0a307
SHA256

350bbf9c1188c31014d4bfa8fa41fdd75a3accdcbd6d3d9246f95990054bd1e2
SHA512

fd7300debc25a11b67b7b489a9786415e342b74a2c18ca7a80eca6ab5c0ae6232290eb68b5e871ef44332f5f5406c1891d4bd5760feccc03ddbd41ad365123e8

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
5576	timeout.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 744	2808	cmd.exe	82
PID 2808 wrote to memory of 744	2808	cmd.exe	82
PID 2808 wrote to memory of 668	2808	cmd.exe	83
PID 2808 wrote to memory of 668	2808	cmd.exe	83
PID 2808 wrote to memory of 5776	2808	cmd.exe	84
PID 2808 wrote to memory of 5776	2808	cmd.exe	84
PID 2808 wrote to memory of 4648	2808	cmd.exe	85
PID 2808 wrote to memory of 4648	2808	cmd.exe	85
PID 2808 wrote to memory of 3004	2808	cmd.exe	86
PID 2808 wrote to memory of 3004	2808	cmd.exe	86
PID 2808 wrote to memory of 2008	2808	cmd.exe	87
PID 2808 wrote to memory of 2008	2808	cmd.exe	87
PID 2808 wrote to memory of 2372	2808	cmd.exe	88
PID 2808 wrote to memory of 2372	2808	cmd.exe	88
PID 2808 wrote to memory of 4744	2808	cmd.exe	89
PID 2808 wrote to memory of 4744	2808	cmd.exe	89
PID 2808 wrote to memory of 4956	2808	cmd.exe	90
PID 2808 wrote to memory of 4956	2808	cmd.exe	90
PID 2808 wrote to memory of 4656	2808	cmd.exe	91
PID 2808 wrote to memory of 4656	2808	cmd.exe	91
PID 2808 wrote to memory of 5184	2808	cmd.exe	92
PID 2808 wrote to memory of 5184	2808	cmd.exe	92
PID 2808 wrote to memory of 1564	2808	cmd.exe	93
PID 2808 wrote to memory of 1564	2808	cmd.exe	93
PID 2808 wrote to memory of 2012	2808	cmd.exe	94
PID 2808 wrote to memory of 2012	2808	cmd.exe	94
PID 2808 wrote to memory of 1344	2808	cmd.exe	97
PID 2808 wrote to memory of 1344	2808	cmd.exe	97
PID 2808 wrote to memory of 1868	2808	cmd.exe	98
PID 2808 wrote to memory of 1868	2808	cmd.exe	98
PID 2808 wrote to memory of 5192	2808	cmd.exe	99
PID 2808 wrote to memory of 5192	2808	cmd.exe	99
PID 2808 wrote to memory of 2800	2808	cmd.exe	100
PID 2808 wrote to memory of 2800	2808	cmd.exe	100
PID 2808 wrote to memory of 3768	2808	cmd.exe	101
PID 2808 wrote to memory of 3768	2808	cmd.exe	101
PID 2808 wrote to memory of 5164	2808	cmd.exe	102
PID 2808 wrote to memory of 5164	2808	cmd.exe	102
PID 2808 wrote to memory of 5808	2808	cmd.exe	103
PID 2808 wrote to memory of 5808	2808	cmd.exe	103
PID 2808 wrote to memory of 3272	2808	cmd.exe	105
PID 2808 wrote to memory of 3272	2808	cmd.exe	105
PID 2808 wrote to memory of 1364	2808	cmd.exe	106
PID 2808 wrote to memory of 1364	2808	cmd.exe	106
PID 2808 wrote to memory of 5108	2808	cmd.exe	107
PID 2808 wrote to memory of 5108	2808	cmd.exe	107
PID 2808 wrote to memory of 2708	2808	cmd.exe	117
PID 2808 wrote to memory of 2708	2808	cmd.exe	117
PID 2808 wrote to memory of 1188	2808	cmd.exe	129
PID 2808 wrote to memory of 1188	2808	cmd.exe	129
PID 2808 wrote to memory of 480	2808	cmd.exe	131
PID 2808 wrote to memory of 480	2808	cmd.exe	131
PID 2808 wrote to memory of 2680	2808	cmd.exe	132
PID 2808 wrote to memory of 2680	2808	cmd.exe	132
PID 2808 wrote to memory of 5052	2808	cmd.exe	133
PID 2808 wrote to memory of 5052	2808	cmd.exe	133
PID 2808 wrote to memory of 4440	2808	cmd.exe	136
PID 2808 wrote to memory of 4440	2808	cmd.exe	136
PID 2808 wrote to memory of 4384	2808	cmd.exe	139
PID 2808 wrote to memory of 4384	2808	cmd.exe	139
PID 2808 wrote to memory of 4552	2808	cmd.exe	141
PID 2808 wrote to memory of 4552	2808	cmd.exe	141
PID 2808 wrote to memory of 1140	2808	cmd.exe	144
PID 2808 wrote to memory of 1140	2808	cmd.exe	144

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Club Penguin.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:744
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:668
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5776
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4648
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3004
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2008
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2372
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4744
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4956
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4656
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5184
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1564
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2012
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1344
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1868
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5192
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2800
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3768
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5164
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5808
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3272
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1364
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5108
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2708
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1188
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:480
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2680
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5052
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4440
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4384
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4552
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1140
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2064
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6012
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5904
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1044
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6032
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:6016
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5892
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5212
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3348
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4800
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:692
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5012
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3504
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2744
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1584
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4616
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5328
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5296
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:1520
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4388
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4152
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:388
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:3000
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4080
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:4804
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2392
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2620
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:5208
- C:\Windows\system32\timeout.exe
  timeout /t 20 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:5576
- C:\Windows\system32\wscript.exe
  wscript msg.vbs
  2⤵
  PID:4172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\msg.vbs

Filesize
116B

MD5
3f11bb7fbdfc35561a5ebc1dd83b82a6

SHA1
bef5f86da83a18fafc3bb887c4bbcde3b8334ef5

SHA256
6a7bb1bcb407af8ebb98d3c12aa411d0356db0070c50b138ebbd1d5c95bfd96f

SHA512
8494ae0052daccdd22b585623d4ebb067b02d578b8048280d4b46195bf446e0df7915c386bcf6d2b7a741a1b38a07beaa3354f18b6780ceeeafe6837d2c8ecdb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads