d24cf7597088b7974834b5ee0c94d1892959f1506ef38da2c4676fe28c3ec957

Analysis

max time kernel
16s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 19:35

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Ojo Piojo.bat
Size

994B
MD5

1f82a6ad300902380ac567703669ec18
SHA1

aefd4dc1c8c255be6b2f1e55223ff74440cc735b
SHA256

d24cf7597088b7974834b5ee0c94d1892959f1506ef38da2c4676fe28c3ec957
SHA512

0be56cce6c4a08985462f5c9c328357795d9cabd4896f61e381ad4583b384d7276a242ed6da7a028485630418a76308e9cb9153021a681a188fd29fdf1f80cd6

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 3 IoCs

evasion

pid	Process
1316	timeout.exe
332	timeout.exe
2344	timeout.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	408	shutdown.exe
Token: SeRemoteShutdownPrivilege	408	shutdown.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2784	2672	cmd.exe	31
PID 2672 wrote to memory of 2784	2672	cmd.exe	31
PID 2672 wrote to memory of 2784	2672	cmd.exe	31
PID 2672 wrote to memory of 2788	2672	cmd.exe	32
PID 2672 wrote to memory of 2788	2672	cmd.exe	32
PID 2672 wrote to memory of 2788	2672	cmd.exe	32
PID 2672 wrote to memory of 2816	2672	cmd.exe	33
PID 2672 wrote to memory of 2816	2672	cmd.exe	33
PID 2672 wrote to memory of 2816	2672	cmd.exe	33
PID 2672 wrote to memory of 2856	2672	cmd.exe	34
PID 2672 wrote to memory of 2856	2672	cmd.exe	34
PID 2672 wrote to memory of 2856	2672	cmd.exe	34
PID 2672 wrote to memory of 2772	2672	cmd.exe	35
PID 2672 wrote to memory of 2772	2672	cmd.exe	35
PID 2672 wrote to memory of 2772	2672	cmd.exe	35
PID 2672 wrote to memory of 2736	2672	cmd.exe	36
PID 2672 wrote to memory of 2736	2672	cmd.exe	36
PID 2672 wrote to memory of 2736	2672	cmd.exe	36
PID 2672 wrote to memory of 2704	2672	cmd.exe	37
PID 2672 wrote to memory of 2704	2672	cmd.exe	37
PID 2672 wrote to memory of 2704	2672	cmd.exe	37
PID 2672 wrote to memory of 1452	2672	cmd.exe	38
PID 2672 wrote to memory of 1452	2672	cmd.exe	38
PID 2672 wrote to memory of 1452	2672	cmd.exe	38
PID 2672 wrote to memory of 2096	2672	cmd.exe	39
PID 2672 wrote to memory of 2096	2672	cmd.exe	39
PID 2672 wrote to memory of 2096	2672	cmd.exe	39
PID 2672 wrote to memory of 2712	2672	cmd.exe	40
PID 2672 wrote to memory of 2712	2672	cmd.exe	40
PID 2672 wrote to memory of 2712	2672	cmd.exe	40
PID 2672 wrote to memory of 2164	2672	cmd.exe	41
PID 2672 wrote to memory of 2164	2672	cmd.exe	41
PID 2672 wrote to memory of 2164	2672	cmd.exe	41
PID 2672 wrote to memory of 2408	2672	cmd.exe	42
PID 2672 wrote to memory of 2408	2672	cmd.exe	42
PID 2672 wrote to memory of 2408	2672	cmd.exe	42
PID 2672 wrote to memory of 2944	2672	cmd.exe	43
PID 2672 wrote to memory of 2944	2672	cmd.exe	43
PID 2672 wrote to memory of 2944	2672	cmd.exe	43
PID 2672 wrote to memory of 2696	2672	cmd.exe	44
PID 2672 wrote to memory of 2696	2672	cmd.exe	44
PID 2672 wrote to memory of 2696	2672	cmd.exe	44
PID 2672 wrote to memory of 2084	2672	cmd.exe	45
PID 2672 wrote to memory of 2084	2672	cmd.exe	45
PID 2672 wrote to memory of 2084	2672	cmd.exe	45
PID 2672 wrote to memory of 2844	2672	cmd.exe	46
PID 2672 wrote to memory of 2844	2672	cmd.exe	46
PID 2672 wrote to memory of 2844	2672	cmd.exe	46
PID 2672 wrote to memory of 2832	2672	cmd.exe	47
PID 2672 wrote to memory of 2832	2672	cmd.exe	47
PID 2672 wrote to memory of 2832	2672	cmd.exe	47
PID 2672 wrote to memory of 2840	2672	cmd.exe	48
PID 2672 wrote to memory of 2840	2672	cmd.exe	48
PID 2672 wrote to memory of 2840	2672	cmd.exe	48
PID 2672 wrote to memory of 2600	2672	cmd.exe	49
PID 2672 wrote to memory of 2600	2672	cmd.exe	49
PID 2672 wrote to memory of 2600	2672	cmd.exe	49
PID 2672 wrote to memory of 2808	2672	cmd.exe	50
PID 2672 wrote to memory of 2808	2672	cmd.exe	50
PID 2672 wrote to memory of 2808	2672	cmd.exe	50
PID 2672 wrote to memory of 1996	2672	cmd.exe	51
PID 2672 wrote to memory of 1996	2672	cmd.exe	51
PID 2672 wrote to memory of 1996	2672	cmd.exe	51
PID 2672 wrote to memory of 2760	2672	cmd.exe	52

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Ojo Piojo.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2784
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2788
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2816
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2856
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2772
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2736
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2704
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:1452
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2096
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2712
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2164
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2408
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2944
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2696
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2084
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2844
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2832
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2840
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2600
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2808
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:1996
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2760
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2752
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2748
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2692
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:1796
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2632
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2580
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2588
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2596
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2620
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:1860
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2652
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2700
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:3048
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:3044
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2476
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:3052
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:3056
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:1320
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2648
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:1844
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:272
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:608
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2176
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2452
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:1792
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2240
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2676
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2132
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2076
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2128
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2156
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2372
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:1976
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:264
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:1644
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:1304
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:2900
- C:\Windows\system32\cmd.exe
  cmd /c exit
  2⤵
  PID:3016
- C:\Windows\system32\timeout.exe
  timeout /t 3
  2⤵
  - Delays execution with timeout.exe
  PID:332
- C:\Windows\system32\timeout.exe
  timeout /t 10
  2⤵
  - Delays execution with timeout.exe
  PID:2344
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:1316
- C:\Windows\system32\shutdown.exe
  shutdown /r /t 0 /f
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:408

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2424

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\╪º╪«╪¬╪▒┘é5.txt

Filesize
176B

MD5
51b95f8ca116f938e3c6f96b78e6f29a

SHA1
36a6af85631eda17788628a40c18b6fe3e02677d

SHA256
b46e0b74befdedc9b46da9fb35ef49f42f3c7dc6732c8a58d38619e415b44cc0

SHA512
4f2a5137467f7bfb3e7af8a20560bd758d32ee8cc4c955471610c3c073101cdaa373f334863bf04b90a6662b08b2ca0c97795b943c28c4944256efaab171531c

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads