2d2da6c9e5056f5297d34b136d36f0d41716431ac10b9b03914f3bc8d69dc60d

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 17:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NOScript V1.35 Optimization Program.bat
Size

15KB
MD5

f72501a2238ea286b58a884955715a79
SHA1

ba9f337268e43c39a3905514cb2c63cacb4b2b93
SHA256

2d2da6c9e5056f5297d34b136d36f0d41716431ac10b9b03914f3bc8d69dc60d
SHA512

06fc4c62adc04502fd67f1eb93d538f394984a39b0e35c855e867ce3e5d817b4f5ffc591d57c1b1fa84b16160af082e35eb8f6782b98b11cd30e003d5d342ddf
SSDEEP

384:F29388dPX4v4K39lSknNX9Fpa0/Lc/27YV:jI

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 40 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2116	WMIC.exe
Token: SeSecurityPrivilege	2116	WMIC.exe
Token: SeTakeOwnershipPrivilege	2116	WMIC.exe
Token: SeLoadDriverPrivilege	2116	WMIC.exe
Token: SeSystemProfilePrivilege	2116	WMIC.exe
Token: SeSystemtimePrivilege	2116	WMIC.exe
Token: SeProfSingleProcessPrivilege	2116	WMIC.exe
Token: SeIncBasePriorityPrivilege	2116	WMIC.exe
Token: SeCreatePagefilePrivilege	2116	WMIC.exe
Token: SeBackupPrivilege	2116	WMIC.exe
Token: SeRestorePrivilege	2116	WMIC.exe
Token: SeShutdownPrivilege	2116	WMIC.exe
Token: SeDebugPrivilege	2116	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2116	WMIC.exe
Token: SeRemoteShutdownPrivilege	2116	WMIC.exe
Token: SeUndockPrivilege	2116	WMIC.exe
Token: SeManageVolumePrivilege	2116	WMIC.exe
Token: 33	2116	WMIC.exe
Token: 34	2116	WMIC.exe
Token: 35	2116	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2116	WMIC.exe
Token: SeSecurityPrivilege	2116	WMIC.exe
Token: SeTakeOwnershipPrivilege	2116	WMIC.exe
Token: SeLoadDriverPrivilege	2116	WMIC.exe
Token: SeSystemProfilePrivilege	2116	WMIC.exe
Token: SeSystemtimePrivilege	2116	WMIC.exe
Token: SeProfSingleProcessPrivilege	2116	WMIC.exe
Token: SeIncBasePriorityPrivilege	2116	WMIC.exe
Token: SeCreatePagefilePrivilege	2116	WMIC.exe
Token: SeBackupPrivilege	2116	WMIC.exe
Token: SeRestorePrivilege	2116	WMIC.exe
Token: SeShutdownPrivilege	2116	WMIC.exe
Token: SeDebugPrivilege	2116	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2116	WMIC.exe
Token: SeRemoteShutdownPrivilege	2116	WMIC.exe
Token: SeUndockPrivilege	2116	WMIC.exe
Token: SeManageVolumePrivilege	2116	WMIC.exe
Token: 33	2116	WMIC.exe
Token: 34	2116	WMIC.exe
Token: 35	2116	WMIC.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 2292	1952	cmd.exe	31
PID 1952 wrote to memory of 2292	1952	cmd.exe	31
PID 1952 wrote to memory of 2292	1952	cmd.exe	31
PID 2292 wrote to memory of 2116	2292	cmd.exe	32
PID 2292 wrote to memory of 2116	2292	cmd.exe	32
PID 2292 wrote to memory of 2116	2292	cmd.exe	32
PID 2292 wrote to memory of 2144	2292	cmd.exe	33
PID 2292 wrote to memory of 2144	2292	cmd.exe	33
PID 2292 wrote to memory of 2144	2292	cmd.exe	33

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\NOScript V1.35 Optimization Program.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic nic where "NetEnabled=true" get NetConnectionID,NetEnabled /format:csv | find /i "true"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2292
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nic where "NetEnabled=true" get NetConnectionID,NetEnabled /format:csv
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2116
- - C:\Windows\system32\find.exe
    find /i "true"
    3⤵
    PID:2144

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads