Analysis

  • max time kernel
    5s
  • max time network
    6s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/07/2024, 20:05 UTC

Errors

Reason
Machine shutdown

General

  • Target

    اخترق.bat

  • Size

    365B

  • MD5

    b040cab88769e8ce9e3601df5f98ad85

  • SHA1

    43a4fb53d5305d628c267dd8e89ec802e7af5ff0

  • SHA256

    020739fc9fd8f32ce7b765f91c563de03c2845b6d4508de555d55c57e5d5b2fa

  • SHA512

    c312c21d50bbcde39426302f6fabc8d429953d226bf6bce4b8ddc3d65e4afe9e33b5a507ed237a0a190093a10e24addaf3e502610c8a57de3e74f6f862e58946

Score
1/10

Malware Config

Signatures

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\اخترق.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Windows\system32\PING.EXE
      ping 127.0.0.1 -n 3
      2⤵
      • Runs ping.exe
      PID:1324
    • C:\Windows\system32\shutdown.exe
      shutdown /r /t 0
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2656
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
    PID:2820
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x1
    1⤵
    PID:3060

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2820-2-0x0000000002DF0000-0x0000000002DF1000-memory.dmp
    Filesize
    4KB
  • memory/3060-3-0x0000000002AB0000-0x0000000002AB1000-memory.dmp
    Filesize
    4KB
