9bdfeb3193bb8cdab70f4894727d4dc1b98f9794c211087c6a9122ea268ff36a

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 19:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

RUN ME AS ADMIN.bat
Size

755B
MD5

c102e6707324fe2e3e7ca88c6b39cdba
SHA1

82b50249749dd63795f8ffe8970924db83e70d24
SHA256

6dd6be462c44a0e7b3d7c1711f15a6102b8791c2cb9129fd970e8a5247e6175f
SHA512

27ec106890b611d547e436c238c7699636a3ee86772de3dfe71daddddae18ad38284e4d7494b0d1663d6f6b6aa715864d3ca7c1b9173d98c37810f7a2ba31a51

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
4948	timeout.exe
2360	timeout.exe
3236	timeout.exe
1976	timeout.exe
4928	timeout.exe
3724	timeout.exe
2404	timeout.exe
3876	timeout.exe
2396	timeout.exe
5012	timeout.exe
1304	timeout.exe
3524	timeout.exe
4232	timeout.exe
3832	timeout.exe
972	timeout.exe
4556	timeout.exe
3680	timeout.exe
5060	timeout.exe
4684	timeout.exe
3044	timeout.exe
4336	timeout.exe
1840	timeout.exe
1552	timeout.exe
3236	timeout.exe
1760	timeout.exe
3324	timeout.exe
2432	timeout.exe
4400	timeout.exe
224	timeout.exe
4396	timeout.exe
1616	timeout.exe
3160	timeout.exe
4324	timeout.exe
3252	timeout.exe
3880	timeout.exe
3456	timeout.exe
4460	timeout.exe
1760	timeout.exe
2504	timeout.exe
3888	timeout.exe
2460	timeout.exe
2716	timeout.exe
1124	timeout.exe
4808	timeout.exe
1204	timeout.exe
2572	timeout.exe
4480	timeout.exe
3052	timeout.exe
212	timeout.exe
2184	timeout.exe
4088	timeout.exe
2856	timeout.exe
1888	timeout.exe
3660	timeout.exe
3252	timeout.exe
3244	timeout.exe
3956	timeout.exe
2384	timeout.exe
4204	timeout.exe
4304	timeout.exe
744	timeout.exe
404	timeout.exe
1256	timeout.exe
732	timeout.exe

Enumerates processes with tasklist 1 TTPs 64 IoCs

Process Discovery

T1057

pid	Process
3216	tasklist.exe
1408	tasklist.exe
3468	tasklist.exe
1492	tasklist.exe
4956	tasklist.exe
1568	tasklist.exe
924	tasklist.exe
3664	tasklist.exe
4228	tasklist.exe
2956	tasklist.exe
212	tasklist.exe
808	tasklist.exe
2452	tasklist.exe
2056	tasklist.exe
4652	tasklist.exe
536	tasklist.exe
4332	tasklist.exe
2908	tasklist.exe
1612	tasklist.exe
716	tasklist.exe
4684	tasklist.exe
2584	tasklist.exe
1252	tasklist.exe
3640	tasklist.exe
2632	tasklist.exe
4396	tasklist.exe
1324	tasklist.exe
2572	tasklist.exe
392	tasklist.exe
2744	tasklist.exe
3544	tasklist.exe
1932	tasklist.exe
2632	tasklist.exe
4452	tasklist.exe
2396	tasklist.exe
4984	tasklist.exe
1116	tasklist.exe
752	tasklist.exe
4784	tasklist.exe
1520	tasklist.exe
3720	tasklist.exe
2408	tasklist.exe
3796	tasklist.exe
3616	tasklist.exe
5116	tasklist.exe
1368	tasklist.exe
2508	tasklist.exe
4304	tasklist.exe
5008	tasklist.exe
2480	tasklist.exe
4296	tasklist.exe
3844	tasklist.exe
1828	tasklist.exe
816	tasklist.exe
4908	tasklist.exe
2428	tasklist.exe
3640	tasklist.exe
2184	tasklist.exe
5064	tasklist.exe
1680	tasklist.exe
408	tasklist.exe
4072	tasklist.exe
5112	tasklist.exe
4412	tasklist.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3472	signaler.exe
3472	signaler.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3844	tasklist.exe
Token: SeDebugPrivilege	1828	tasklist.exe
Token: SeDebugPrivilege	3616	tasklist.exe
Token: SeDebugPrivilege	1116	tasklist.exe
Token: SeDebugPrivilege	1612	tasklist.exe
Token: SeDebugPrivilege	392	tasklist.exe
Token: SeDebugPrivilege	3664	tasklist.exe
Token: SeDebugPrivilege	2744	tasklist.exe
Token: SeDebugPrivilege	1252	tasklist.exe
Token: SeDebugPrivilege	816	tasklist.exe
Token: SeDebugPrivilege	1680	tasklist.exe
Token: SeDebugPrivilege	1408	tasklist.exe
Token: SeDebugPrivilege	408	tasklist.exe
Token: SeDebugPrivilege	808	tasklist.exe
Token: SeDebugPrivilege	3640	tasklist.exe
Token: SeDebugPrivilege	4984	tasklist.exe
Token: SeDebugPrivilege	3544	tasklist.exe
Token: SeDebugPrivilege	1116	tasklist.exe
Token: SeDebugPrivilege	1324	tasklist.exe
Token: SeDebugPrivilege	4332	tasklist.exe
Token: SeDebugPrivilege	3468	tasklist.exe
Token: SeDebugPrivilege	752	tasklist.exe
Token: SeDebugPrivilege	2632	tasklist.exe
Token: SeDebugPrivilege	1492	tasklist.exe
Token: SeDebugPrivilege	4956	tasklist.exe
Token: SeDebugPrivilege	4072	tasklist.exe
Token: SeDebugPrivilege	1568	tasklist.exe
Token: SeDebugPrivilege	1168	tasklist.exe
Token: SeDebugPrivilege	4784	tasklist.exe
Token: SeDebugPrivilege	5116	tasklist.exe
Token: SeDebugPrivilege	4396	tasklist.exe
Token: SeDebugPrivilege	4908	tasklist.exe
Token: SeDebugPrivilege	1368	tasklist.exe
Token: SeDebugPrivilege	1520	tasklist.exe
Token: SeDebugPrivilege	1324	tasklist.exe
Token: SeDebugPrivilege	5112	tasklist.exe
Token: SeDebugPrivilege	4412	tasklist.exe
Token: SeDebugPrivilege	4228	tasklist.exe
Token: SeDebugPrivilege	3164	tasklist.exe
Token: SeDebugPrivilege	2908	tasklist.exe
Token: SeDebugPrivilege	2956	tasklist.exe
Token: SeDebugPrivilege	716	tasklist.exe
Token: SeDebugPrivilege	2508	tasklist.exe
Token: SeDebugPrivilege	3472	tasklist.exe
Token: SeDebugPrivilege	2452	tasklist.exe
Token: SeDebugPrivilege	1488	tasklist.exe
Token: SeDebugPrivilege	2428	tasklist.exe
Token: SeDebugPrivilege	3720	tasklist.exe
Token: SeDebugPrivilege	3640	tasklist.exe
Token: SeDebugPrivilege	212	tasklist.exe
Token: SeDebugPrivilege	4452	tasklist.exe
Token: SeDebugPrivilege	1932	tasklist.exe
Token: SeDebugPrivilege	1572	tasklist.exe
Token: SeDebugPrivilege	2396	tasklist.exe
Token: SeDebugPrivilege	2572	tasklist.exe
Token: SeDebugPrivilege	2632	tasklist.exe
Token: SeDebugPrivilege	4684	tasklist.exe
Token: SeDebugPrivilege	4304	tasklist.exe
Token: SeDebugPrivilege	3680	tasklist.exe
Token: SeDebugPrivilege	924	tasklist.exe
Token: SeDebugPrivilege	408	tasklist.exe
Token: SeDebugPrivilege	5008	tasklist.exe
Token: SeDebugPrivilege	4964	tasklist.exe
Token: SeDebugPrivilege	2480	tasklist.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4552 wrote to memory of 3684	4552	cmd.exe	85
PID 4552 wrote to memory of 3684	4552	cmd.exe	85
PID 3684 wrote to memory of 2724	3684	net.exe	86
PID 3684 wrote to memory of 2724	3684	net.exe	86
PID 4552 wrote to memory of 3472	4552	cmd.exe	87
PID 4552 wrote to memory of 3472	4552	cmd.exe	87
PID 4552 wrote to memory of 4396	4552	cmd.exe	88
PID 4552 wrote to memory of 4396	4552	cmd.exe	88
PID 4552 wrote to memory of 3844	4552	cmd.exe	94
PID 4552 wrote to memory of 3844	4552	cmd.exe	94
PID 4552 wrote to memory of 4624	4552	cmd.exe	95
PID 4552 wrote to memory of 4624	4552	cmd.exe	95
PID 4552 wrote to memory of 2716	4552	cmd.exe	97
PID 4552 wrote to memory of 2716	4552	cmd.exe	97
PID 4552 wrote to memory of 1828	4552	cmd.exe	99
PID 4552 wrote to memory of 1828	4552	cmd.exe	99
PID 4552 wrote to memory of 3332	4552	cmd.exe	100
PID 4552 wrote to memory of 3332	4552	cmd.exe	100
PID 4552 wrote to memory of 972	4552	cmd.exe	101
PID 4552 wrote to memory of 972	4552	cmd.exe	101
PID 4552 wrote to memory of 3616	4552	cmd.exe	103
PID 4552 wrote to memory of 3616	4552	cmd.exe	103
PID 4552 wrote to memory of 1932	4552	cmd.exe	104
PID 4552 wrote to memory of 1932	4552	cmd.exe	104
PID 4552 wrote to memory of 4556	4552	cmd.exe	105
PID 4552 wrote to memory of 4556	4552	cmd.exe	105
PID 4552 wrote to memory of 1116	4552	cmd.exe	106
PID 4552 wrote to memory of 1116	4552	cmd.exe	106
PID 4552 wrote to memory of 2884	4552	cmd.exe	107
PID 4552 wrote to memory of 2884	4552	cmd.exe	107
PID 4552 wrote to memory of 4928	4552	cmd.exe	108
PID 4552 wrote to memory of 4928	4552	cmd.exe	108
PID 4552 wrote to memory of 1612	4552	cmd.exe	110
PID 4552 wrote to memory of 1612	4552	cmd.exe	110
PID 4552 wrote to memory of 2360	4552	cmd.exe	111
PID 4552 wrote to memory of 2360	4552	cmd.exe	111
PID 4552 wrote to memory of 4204	4552	cmd.exe	112
PID 4552 wrote to memory of 4204	4552	cmd.exe	112
PID 4552 wrote to memory of 392	4552	cmd.exe	113
PID 4552 wrote to memory of 392	4552	cmd.exe	113
PID 4552 wrote to memory of 5112	4552	cmd.exe	114
PID 4552 wrote to memory of 5112	4552	cmd.exe	114
PID 4552 wrote to memory of 1616	4552	cmd.exe	115
PID 4552 wrote to memory of 1616	4552	cmd.exe	115
PID 4552 wrote to memory of 3664	4552	cmd.exe	117
PID 4552 wrote to memory of 3664	4552	cmd.exe	117
PID 4552 wrote to memory of 752	4552	cmd.exe	118
PID 4552 wrote to memory of 752	4552	cmd.exe	118
PID 4552 wrote to memory of 3160	4552	cmd.exe	119
PID 4552 wrote to memory of 3160	4552	cmd.exe	119
PID 4552 wrote to memory of 2744	4552	cmd.exe	120
PID 4552 wrote to memory of 2744	4552	cmd.exe	120
PID 4552 wrote to memory of 2792	4552	cmd.exe	121
PID 4552 wrote to memory of 2792	4552	cmd.exe	121
PID 4552 wrote to memory of 536	4552	cmd.exe	122
PID 4552 wrote to memory of 536	4552	cmd.exe	122
PID 4552 wrote to memory of 1252	4552	cmd.exe	123
PID 4552 wrote to memory of 1252	4552	cmd.exe	123
PID 4552 wrote to memory of 4492	4552	cmd.exe	124
PID 4552 wrote to memory of 4492	4552	cmd.exe	124
PID 4552 wrote to memory of 3724	4552	cmd.exe	125
PID 4552 wrote to memory of 3724	4552	cmd.exe	125
PID 4552 wrote to memory of 816	4552	cmd.exe	126
PID 4552 wrote to memory of 816	4552	cmd.exe	126

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\RUN ME AS ADMIN.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4552
- C:\Windows\system32\net.exe
  net session
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3684
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 session
    3⤵
    PID:2724
- C:\Users\Admin\AppData\Local\Temp\signaler.exe
  signaler.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3472
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4396
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:3844
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:4624
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2716
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1828
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:3332
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:972
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:3616
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:1932
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4556
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1116
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:2884
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4928
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1612
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:2360
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4204
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:392
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:5112
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1616
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:3664
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:752
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3160
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2744
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:2792
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  PID:536
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1252
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:4492
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3724
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:816
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:404
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4304
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1680
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:3956
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  PID:3300
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1408
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:3684
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2184
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:408
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:3048
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3252
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:808
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:2620
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1124
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:3640
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:5036
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1304
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:4984
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:4908
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2504
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:3544
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:4460
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3888
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1116
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:2484
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2460
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1324
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:3976
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3660
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:4332
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:5112
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1840
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:3468
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:1572
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3524
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:752
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:648
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  PID:3160
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2632
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:2744
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  PID:4024
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1492
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:4180
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1760
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:4956
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:4288
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  PID:4292
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:4072
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:2508
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3680
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1568
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:3472
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4232
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1168
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:408
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3252
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:4784
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:5008
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3880
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:5116
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:4812
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2404
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:4396
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:3964
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3324
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:4908
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:5060
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4948
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1368
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:3240
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4460
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1520
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:1684
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2360
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1324
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:3976
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2432
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:5112
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:3980
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3876
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:4412
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:2612
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2396
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:4228
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:4480
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2572
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3164
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:3052
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  PID:4432
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2908
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:1524
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4684
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2956
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:2864
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:404
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:716
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:4764
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3044
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2508
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:2724
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3832
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3472
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:4800
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3236
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2452
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:2144
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4336
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1488
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:4100
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3244
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2428
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:2268
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3456
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:3720
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:5020
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1888
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:3640
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:3180
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4088
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:212
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:704
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1256
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:4452
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:2720
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4400
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1932
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:4984
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:732
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1572
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:1616
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  PID:2904
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2396
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:840
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4480
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2572
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:2164
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3052
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2632
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:1252
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:744
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:4684
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:5056
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1760
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:4304
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:4068
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3956
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3680
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:3000
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2384
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:924
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:4384
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  PID:3648
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:408
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:3252
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:224
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:5008
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:4008
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4808
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4964
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:5116
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2856
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2480
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:2276
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  PID:2888
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  PID:2056
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:3592
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  PID:4736
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  PID:4652
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:368
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:5060
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  PID:5064
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:632
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:212
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  PID:2408
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:1700
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1204
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  PID:3796
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:3980
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1976
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  PID:536
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:3164
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  PID:3928
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  PID:3216
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:1232
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  PID:4492
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  PID:2584
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:464
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:5012
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  PID:4296
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:716
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4324
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  PID:2724
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:3060
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:1552
- C:\Windows\system32\tasklist.exe
  tasklist /FI "IMAGENAME eq gta_sa.exe"
  2⤵
  - Enumerates processes with tasklist
  PID:2184
- C:\Windows\system32\find.exe
  find /i "gta_sa.exe"
  2⤵
  PID:2892
- C:\Windows\system32\timeout.exe
  timeout /t 2 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:3236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads