199879ac19872d6b0ff820d8f502062f0efea37867b937dc04580cf170b8228d

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16-07-2024 06:54

Target

JIGUtility_V2.0.8.0_20230112/ASUSR_ParsingRecord/ASUSR_ParsingRecord/run.bat
Size

445B
MD5

e9b66659059fb09bd910851557f01a4b
SHA1

91799b761661882dccf6e10bfb1b15078cd41467
SHA256

71d3617055ea34bfda2c87dfb2d0bb5f916597fbe7b2a5d6c39a2cddbf64a891
SHA512

f96393b70cc3987dcad41640cceabc4cac6f23b89d25f98cfa95dfdba427e1a5b5a3120fa3bc56c5c23a2a2ea88c338e8e581216bd839e8c3180818246bff66e

Score

1^/10

Delays execution with timeout.exe 2 IoCs

evasion

Processes:

timeout.exetimeout.exe

pid	Process
2712	timeout.exe
3948	timeout.exe

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid	Process
664

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

ASUS_WNECT.exe

description	pid	Process
Token: SeSystemEnvironmentPrivilege	1700	ASUS_WNECT.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

cmd.exe

description	pid	Process	procid_target
PID 4440 wrote to memory of 1700	4440	cmd.exe	85
PID 4440 wrote to memory of 1700	4440	cmd.exe	85
PID 4440 wrote to memory of 2712	4440	cmd.exe	86
PID 4440 wrote to memory of 2712	4440	cmd.exe	86
PID 4440 wrote to memory of 4932	4440	cmd.exe	87
PID 4440 wrote to memory of 4932	4440	cmd.exe	87
PID 4440 wrote to memory of 4932	4440	cmd.exe	87
PID 4440 wrote to memory of 3948	4440	cmd.exe	88
PID 4440 wrote to memory of 3948	4440	cmd.exe	88

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\run.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\ASUS_WNECT.exe
  ASUS_WNECT.exe /eeprom d a0 -dump rom.bin
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1700
- C:\Windows\system32\timeout.exe
  timeout /t 3
  2⤵
  - Delays execution with timeout.exe
  PID:2712
- C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\ASUSR_ParsingRecord.exe
  ASUSR_ParsingRecord.exe
  2⤵
  PID:4932
- C:\Windows\system32\timeout.exe
  timeout /t 2
  2⤵
  - Delays execution with timeout.exe
  PID:3948

C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\20240716_065520_eepromdebug.upload

Filesize
928B

MD5
db7f5c231b3d3be9ebe5343aebaa86a0

SHA1
40ce50d121a9899386bc3ca133f81db17c3296ee

SHA256
626507b33ac19c4611dc33e55c653cfcff4efae1942bed7d4fcf8e9e7996e45a

SHA512
657e50d058f3701a92702aec8f96e50f5da4d77245e1314e482f58de6924938af41fde420b947aa627ab483f62ef5a14b58f203fdb6670267c2af6288a78414a

Download Submit
C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\ASUSR_ParsingRecord.log

Filesize
10KB

MD5
0927278e30453131ed32de6c255b22be

SHA1
a97751cca47797151941c1d030c73376518e0d05

SHA256
f279294109dc473d74fedfd6e43c42a1d47035cbaaf4a368b2fd92e45620de95

SHA512
8f6dc80838508042b07e0ba9ee9add811f7c72a9b30df6478b305c9ff030856ced3ce8bbdf431436416abb8462e7a3f744daf5966d90327724056e51cbd97a0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\JIGUtility_V2.0.8.0_20230112\ASUSR_ParsingRecord\ASUSR_ParsingRecord\Log_NECT_1721112916_20240716_065516.txt

Filesize
662B

MD5
3720e7748dd90fa9d7f85687732d609b

SHA1
32826c6d3ed65e4da079dce2d1e1eb4ab4847224

SHA256
9ebbcea841ba3635fc4690101cedd080573463e68c1b512e0d3b0f9d92cd1f01

SHA512
0d140ffd23c876a93452f23d0576a788357ec48c3d7259aedd4eaf12135d66c9af8612bb4030be55ecbbf0fd53c584ffe5a2762d696bd0efab1643500ae3f250

Download Submit