84261ef63f37b2dcaa891d74427c23168c4a4e3275b578bc37d875e75b6cc55e

Analysis

max time kernel
125s
max time network
93s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
15/07/2024, 21:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

test.bat
Size

370KB
MD5

feac721b4c51970e393aa0fa0cbaa6f9
SHA1

5204a4628a14bb43d7cf040354581d0fba021349
SHA256

84261ef63f37b2dcaa891d74427c23168c4a4e3275b578bc37d875e75b6cc55e
SHA512

ad3d0e747c289924037c794c8a6f28f528ad04e6a3920ea488999e567ba946ebc9b703a0d601683ab815c23cbde78ab8786ffde9f237afacd1e2e357fa7abf0b
SSDEEP

6144:E/vahuw2OQar0FSva8zeBBgM6C++IsiE5CIS+ZqiaV7AlBvlnacelqOsAG:vuHFcZeBBgM6C3vXgIvQ4xxace03

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
816	timeout.exe
5048	timeout.exe
4284	timeout.exe
1700	timeout.exe
4048	timeout.exe
3696	timeout.exe
1760	timeout.exe
1240	timeout.exe
2236	timeout.exe
5020	timeout.exe
4208	timeout.exe
1004	timeout.exe
96	timeout.exe
4388	timeout.exe
3128	timeout.exe
4588	timeout.exe
3440	timeout.exe
1628	timeout.exe
4880	timeout.exe
1452	timeout.exe
2084	timeout.exe
3620	timeout.exe
1228	timeout.exe
3592	timeout.exe
2180	timeout.exe
4248	timeout.exe
1900	timeout.exe
4504	timeout.exe
3560	timeout.exe
2104	timeout.exe
3352	timeout.exe
600	timeout.exe
1372	timeout.exe
4884	timeout.exe
1348	timeout.exe
424	timeout.exe
656	timeout.exe
2260	timeout.exe
1324	timeout.exe
2940	timeout.exe
4660	timeout.exe
3824	timeout.exe
2736	timeout.exe
1480	timeout.exe
2308	timeout.exe
2824	timeout.exe
496	timeout.exe
2500	timeout.exe
2844	timeout.exe
1712	timeout.exe
2936	timeout.exe
4512	timeout.exe
2360	timeout.exe
2936	timeout.exe
4244	timeout.exe
4736	timeout.exe
192	timeout.exe
5024	timeout.exe
3516	timeout.exe
520	timeout.exe
1040	timeout.exe
1224	timeout.exe
816	timeout.exe
3260	timeout.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 2308	2272	cmd.exe	73
PID 2272 wrote to memory of 2308	2272	cmd.exe	73
PID 2272 wrote to memory of 760	2272	cmd.exe	74
PID 2272 wrote to memory of 760	2272	cmd.exe	74
PID 2272 wrote to memory of 816	2272	cmd.exe	75
PID 2272 wrote to memory of 816	2272	cmd.exe	75
PID 2272 wrote to memory of 192	2272	cmd.exe	76
PID 2272 wrote to memory of 192	2272	cmd.exe	76
PID 2272 wrote to memory of 5104	2272	cmd.exe	77
PID 2272 wrote to memory of 5104	2272	cmd.exe	77
PID 2272 wrote to memory of 3468	2272	cmd.exe	78
PID 2272 wrote to memory of 3468	2272	cmd.exe	78
PID 2272 wrote to memory of 1352	2272	cmd.exe	79
PID 2272 wrote to memory of 1352	2272	cmd.exe	79
PID 2272 wrote to memory of 4572	2272	cmd.exe	80
PID 2272 wrote to memory of 4572	2272	cmd.exe	80
PID 2272 wrote to memory of 5048	2272	cmd.exe	81
PID 2272 wrote to memory of 5048	2272	cmd.exe	81
PID 2272 wrote to memory of 1348	2272	cmd.exe	82
PID 2272 wrote to memory of 1348	2272	cmd.exe	82
PID 2272 wrote to memory of 2824	2272	cmd.exe	83
PID 2272 wrote to memory of 2824	2272	cmd.exe	83
PID 2272 wrote to memory of 4048	2272	cmd.exe	84
PID 2272 wrote to memory of 4048	2272	cmd.exe	84
PID 2272 wrote to memory of 4552	2272	cmd.exe	85
PID 2272 wrote to memory of 4552	2272	cmd.exe	85
PID 2272 wrote to memory of 5024	2272	cmd.exe	86
PID 2272 wrote to memory of 5024	2272	cmd.exe	86
PID 2272 wrote to memory of 2936	2272	cmd.exe	87
PID 2272 wrote to memory of 2936	2272	cmd.exe	87
PID 2272 wrote to memory of 3680	2272	cmd.exe	88
PID 2272 wrote to memory of 3680	2272	cmd.exe	88
PID 2272 wrote to memory of 3516	2272	cmd.exe	89
PID 2272 wrote to memory of 3516	2272	cmd.exe	89
PID 2272 wrote to memory of 424	2272	cmd.exe	90
PID 2272 wrote to memory of 424	2272	cmd.exe	90
PID 2272 wrote to memory of 96	2272	cmd.exe	91
PID 2272 wrote to memory of 96	2272	cmd.exe	91
PID 2272 wrote to memory of 520	2272	cmd.exe	92
PID 2272 wrote to memory of 520	2272	cmd.exe	92
PID 2272 wrote to memory of 3696	2272	cmd.exe	93
PID 2272 wrote to memory of 3696	2272	cmd.exe	93
PID 2272 wrote to memory of 4660	2272	cmd.exe	94
PID 2272 wrote to memory of 4660	2272	cmd.exe	94
PID 2272 wrote to memory of 4388	2272	cmd.exe	95
PID 2272 wrote to memory of 4388	2272	cmd.exe	95
PID 2272 wrote to memory of 1900	2272	cmd.exe	96
PID 2272 wrote to memory of 1900	2272	cmd.exe	96
PID 2272 wrote to memory of 1760	2272	cmd.exe	97
PID 2272 wrote to memory of 1760	2272	cmd.exe	97
PID 2272 wrote to memory of 1948	2272	cmd.exe	98
PID 2272 wrote to memory of 1948	2272	cmd.exe	98
PID 2272 wrote to memory of 2892	2272	cmd.exe	99
PID 2272 wrote to memory of 2892	2272	cmd.exe	99
PID 2272 wrote to memory of 1628	2272	cmd.exe	100
PID 2272 wrote to memory of 1628	2272	cmd.exe	100
PID 2272 wrote to memory of 656	2272	cmd.exe	101
PID 2272 wrote to memory of 656	2272	cmd.exe	101
PID 2272 wrote to memory of 4504	2272	cmd.exe	102
PID 2272 wrote to memory of 4504	2272	cmd.exe	102
PID 2272 wrote to memory of 496	2272	cmd.exe	103
PID 2272 wrote to memory of 496	2272	cmd.exe	103
PID 2272 wrote to memory of 2500	2272	cmd.exe	104
PID 2272 wrote to memory of 2500	2272	cmd.exe	104

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\test.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:2308
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  PID:760
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:816
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:192
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  PID:5104
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  PID:3468
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  PID:1352
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  PID:4572
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:5048
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:1348
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:2824
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:4048
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  PID:4552
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:5024
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:2936
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  PID:3680
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:3516
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:424
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:96
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:520
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:3696
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:4660
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:4388
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:1900
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:1760
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  PID:1948
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  PID:2892
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:1628
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:656
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:4504
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:496
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:2500
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  PID:4944
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  PID:3320
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:3824
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:3560
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:1240
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  PID:4460
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  PID:2900
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:2844
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  PID:1896
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:2736
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  PID:2216
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:2104
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:4880
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  PID:5044
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:2260
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:3352
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  PID:1156
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  PID:4112
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:600
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  PID:3564
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  PID:2404
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:1452
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:2084
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  PID:4888
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:1040
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:2180
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:4208
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:4512
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:2236
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:2360
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:1224
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:4244
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:1480
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:3128
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:4736
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:1004
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:4284
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  PID:1020
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:1324
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:5020
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:4248
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:3620
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:1228
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:2940
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  PID:392
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:816
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  PID:1172
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:3260
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:1372
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:4588
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:1700
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:1712
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:3440
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 1 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:4884
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  PID:4048
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:3592
- C:\Windows\system32\timeout.exe
  TIMEOUT /T 2 /NOBREAK
  2⤵
  - Delays execution with timeout.exe
  PID:2936

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads