af087e44b9920b0dd59aac8a366a167d5f5457e608b6616450d73956294a9500

Analysis

max time kernel
133s
max time network
137s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
05-08-2024 07:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cleaners/clean2.bat
Size

854KB
MD5

181b6db3092989609f7878c4e51aa220
SHA1

c2f2eb7aa2ad301f76598164daaf04574846c58d
SHA256

798f56c1a6e8f546d57386f93fba2c138b687a002c89535e114ceb938a33970d
SHA512

e9ebfa63520d9b00516deb11cdfda317fcb8edeafb453001ee999ba0bfb06f0b80ff026ba5b80fe8d78d80313501e814f94070de5dfcbcba8d131591ea37ba4f
SSDEEP

6144:XtJlSvOPgunY1X7G4LsMrkDWUpWOlBkORX:9qvOPgunY1K4LsMrkDWUpWOlBkORX

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\netserv.inf	cmd.exe
File opened for modification	C:\Windows\INF\wiasa003.inf	cmd.exe
File opened for modification	C:\Windows\INF\netk57a.inf	cmd.exe
File opened for modification	C:\Windows\INF\netmlx4eth63.inf	cmd.exe
File opened for modification	C:\Windows\INF\prnlxclv.inf	cmd.exe
File opened for modification	C:\Windows\INF\NETMEM~1.0\0407\netmemorycache_d.ini	cmd.exe
File opened for modification	C:\Windows\INF\MSDTCB~2.0\0000\_TransactionBridgePerfCounters_D.ini	cmd.exe
File opened for modification	C:\Windows\INF\netirda.inf	cmd.exe
File opened for modification	C:\Windows\INF\netv1x64.inf	cmd.exe
File opened for modification	C:\Windows\INF\NETMEM~1.0\netmemorycache.ini	cmd.exe
File opened for modification	C:\Windows\INF\mdmadc.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmsupra.inf	cmd.exe
File opened for modification	C:\Windows\INF\usbhub\0000\usbperf.ini	cmd.exe
File opened for modification	C:\Windows\INF\mdmaiwa5.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmdcm6.inf	cmd.exe
File opened for modification	C:\Windows\INF\sdbus.inf	cmd.exe
File opened for modification	C:\Windows\INF\pnpxinternetgatewaydevices.inf	cmd.exe
File opened for modification	C:\Windows\INF\prntscl3.inf	cmd.exe
File opened for modification	C:\Windows\INF\ksfilter.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmcodex.inf	cmd.exe
File opened for modification	C:\Windows\INF\mtconfig.inf	cmd.exe
File opened for modification	C:\Windows\INF\c_fscontentscreener.inf	cmd.exe
File opened for modification	C:\Windows\INF\hdaudio.inf	cmd.exe
File opened for modification	C:\Windows\INF\input.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmwhql0.inf	cmd.exe
File opened for modification	C:\Windows\INF\SERVIC~3.0\0C0A\_ServiceModelServicePerfCounters_D.ini	cmd.exe
File opened for modification	C:\Windows\INF\NETCLR~2\040C\_Networkingperfcounters_v2_d.ini	cmd.exe
File opened for modification	C:\Windows\INF\iscsi.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmntt1.inf	cmd.exe
File opened for modification	C:\Windows\INF\iastorv.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmkortx.inf	cmd.exe
File opened for modification	C:\Windows\INF\prnxxcl3.inf	cmd.exe
File opened for modification	C:\Windows\INF\WSEARC~1\idxcntrs.h	cmd.exe
File opened for modification	C:\Windows\INF\mdmcxhv6.inf	cmd.exe
File opened for modification	C:\Windows\INF\net819xp.inf	cmd.exe
File opened for modification	C:\Windows\INF\usbhub\0410\usbperf.ini	cmd.exe
File opened for modification	C:\Windows\INF\mdmmcd.inf	cmd.exe
File opened for modification	C:\Windows\INF\WINDOW~2.0\040C\PerfCounters_D.ini	cmd.exe
File opened for modification	C:\Windows\INF\WpdFs.inf	cmd.exe
File opened for modification	C:\Windows\INF\npsvctrig.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmti.inf	cmd.exe
File opened for modification	C:\Windows\INF\termmou.inf	cmd.exe
File opened for modification	C:\Windows\INF\usbhub\0409\usbperf.ini	cmd.exe
File opened for modification	C:\Windows\INF\wmiacpi.inf	cmd.exe
File opened for modification	C:\Windows\INF\NETFRA~1\0411\corperfmonsymbols_d.ini	cmd.exe
File opened for modification	C:\Windows\INF\ESENT\0410\esentprf.ini	cmd.exe
File opened for modification	C:\Windows\INF\SMSVCH~1.0\040C\_SMSvcHostPerfCounters_d.ini	cmd.exe
File opened for modification	C:\Windows\INF\scmvolume.inf	cmd.exe
File opened for modification	C:\Windows\INF\termkbd.inf	cmd.exe
File opened for modification	C:\Windows\INF\c_fssystem.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmags64.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmsmart.inf	cmd.exe
File opened for modification	C:\Windows\INF\MSDTCB~1.0\_TransactionBridgePerfCounters.h	cmd.exe
File opened for modification	C:\Windows\INF\wvmic_heartbeat.inf	cmd.exe
File opened for modification	C:\Windows\INF\basicrender.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmati.inf	cmd.exe
File opened for modification	C:\Windows\INF\mdmgl004.inf	cmd.exe
File opened for modification	C:\Windows\INF\c_battery.inf	cmd.exe
File opened for modification	C:\Windows\INF\netlldp.inf	cmd.exe
File opened for modification	C:\Windows\INF\netvchannel.inf	cmd.exe
File opened for modification	C:\Windows\INF\spaceport.inf	cmd.exe
File opened for modification	C:\Windows\INF\TERMSE~1\0000\tslabels.ini	cmd.exe
File opened for modification	C:\Windows\INF\NETMEM~1.0\040C\netmemorycache_d.ini	cmd.exe
File opened for modification	C:\Windows\INF\c_netclient.inf	cmd.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Cleaners\clean2.bat"
1⤵
- Drops file in Windows directory
PID:3404

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads