Analysis
-
max time kernel
137s -
max time network
140s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
06-08-2024 01:32
Static task
static1
Behavioral task
behavioral1
Sample
asdasd.bat
Resource
win7-20240708-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
asdasd.bat
Resource
win10-20240404-en
windows10-1703-x64
2 signatures
150 seconds
Behavioral task
behavioral3
Sample
asdasd.bat
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
asdasd.bat
Resource
win11-20240802-en
windows11-21h2-x64
2 signatures
150 seconds
General
-
Target
asdasd.bat
-
Size
193B
-
MD5
b96eb0cd305295b349ee8ae813e30383
-
SHA1
3591aebb05d3afa000acb09b751e244f1b6c051c
-
SHA256
9cd8992c88ec7509f1ced0fec83ce814b414697f16e2a29a3eb0819591065b8e
-
SHA512
9cd48acb44f8c8fd5f04b801651de89772272bc39fa0b24942f192576497a50437a301f19da5d8935a91b1c54973c15d1f6b416d81b828e346cfa61abc108ee4
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 42 IoCs
description pid Process Token: SeIncreaseQuotaPrivilege 4488 WMIC.exe Token: SeSecurityPrivilege 4488 WMIC.exe Token: SeTakeOwnershipPrivilege 4488 WMIC.exe Token: SeLoadDriverPrivilege 4488 WMIC.exe Token: SeSystemProfilePrivilege 4488 WMIC.exe Token: SeSystemtimePrivilege 4488 WMIC.exe Token: SeProfSingleProcessPrivilege 4488 WMIC.exe Token: SeIncBasePriorityPrivilege 4488 WMIC.exe Token: SeCreatePagefilePrivilege 4488 WMIC.exe Token: SeBackupPrivilege 4488 WMIC.exe Token: SeRestorePrivilege 4488 WMIC.exe Token: SeShutdownPrivilege 4488 WMIC.exe Token: SeDebugPrivilege 4488 WMIC.exe Token: SeSystemEnvironmentPrivilege 4488 WMIC.exe Token: SeRemoteShutdownPrivilege 4488 WMIC.exe Token: SeUndockPrivilege 4488 WMIC.exe Token: SeManageVolumePrivilege 4488 WMIC.exe Token: 33 4488 WMIC.exe Token: 34 4488 WMIC.exe Token: 35 4488 WMIC.exe Token: 36 4488 WMIC.exe Token: SeIncreaseQuotaPrivilege 4488 WMIC.exe Token: SeSecurityPrivilege 4488 WMIC.exe Token: SeTakeOwnershipPrivilege 4488 WMIC.exe Token: SeLoadDriverPrivilege 4488 WMIC.exe Token: SeSystemProfilePrivilege 4488 WMIC.exe Token: SeSystemtimePrivilege 4488 WMIC.exe Token: SeProfSingleProcessPrivilege 4488 WMIC.exe Token: SeIncBasePriorityPrivilege 4488 WMIC.exe Token: SeCreatePagefilePrivilege 4488 WMIC.exe Token: SeBackupPrivilege 4488 WMIC.exe Token: SeRestorePrivilege 4488 WMIC.exe Token: SeShutdownPrivilege 4488 WMIC.exe Token: SeDebugPrivilege 4488 WMIC.exe Token: SeSystemEnvironmentPrivilege 4488 WMIC.exe Token: SeRemoteShutdownPrivilege 4488 WMIC.exe Token: SeUndockPrivilege 4488 WMIC.exe Token: SeManageVolumePrivilege 4488 WMIC.exe Token: 33 4488 WMIC.exe Token: 34 4488 WMIC.exe Token: 35 4488 WMIC.exe Token: 36 4488 WMIC.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 756 wrote to memory of 4488 756 cmd.exe 79 PID 756 wrote to memory of 4488 756 cmd.exe 79
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\asdasd.bat"1⤵PID:4616
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:756 -
C:\Windows\System32\Wbem\WMIC.exewmic diskdrive get Model2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4488
-