44aa6595d19ff3d7f16bd3bd8733503ec15e2e2b2cfd906e6d09b27047bb87a3

Analysis

max time kernel
22s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 12:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RobuxGiver/Run.bat
Size

38KB
MD5

5d2020803a46dad54351dec6cbfef2a8
SHA1

82c6bb2d9fe8b7dafcd38a53062a916f799def0a
SHA256

c008b4b0a7c2bb3eb56ace3ec469e203e05b24f204a84ca03fbde38a914ef162
SHA512

aa910eee045499e02bfc3fa326238f482f2fde49d94fb7624ff702ae378b3f32867df3cef74d3e36e32e2504b0bfdf096a41564bd566064c808233cd4ddb384d
SSDEEP

192:xtoe3MdO6xCR934ydDECjJUy8bZvZTIOdArWcHi5kFtgwJmjLBGuK6a4odfMsKzR:x+e4HKxlSF7J1Ou7GIyxUQ9oTbYBhneX

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 40 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2788	WMIC.exe
Token: SeSecurityPrivilege	2788	WMIC.exe
Token: SeTakeOwnershipPrivilege	2788	WMIC.exe
Token: SeLoadDriverPrivilege	2788	WMIC.exe
Token: SeSystemProfilePrivilege	2788	WMIC.exe
Token: SeSystemtimePrivilege	2788	WMIC.exe
Token: SeProfSingleProcessPrivilege	2788	WMIC.exe
Token: SeIncBasePriorityPrivilege	2788	WMIC.exe
Token: SeCreatePagefilePrivilege	2788	WMIC.exe
Token: SeBackupPrivilege	2788	WMIC.exe
Token: SeRestorePrivilege	2788	WMIC.exe
Token: SeShutdownPrivilege	2788	WMIC.exe
Token: SeDebugPrivilege	2788	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2788	WMIC.exe
Token: SeRemoteShutdownPrivilege	2788	WMIC.exe
Token: SeUndockPrivilege	2788	WMIC.exe
Token: SeManageVolumePrivilege	2788	WMIC.exe
Token: 33	2788	WMIC.exe
Token: 34	2788	WMIC.exe
Token: 35	2788	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2788	WMIC.exe
Token: SeSecurityPrivilege	2788	WMIC.exe
Token: SeTakeOwnershipPrivilege	2788	WMIC.exe
Token: SeLoadDriverPrivilege	2788	WMIC.exe
Token: SeSystemProfilePrivilege	2788	WMIC.exe
Token: SeSystemtimePrivilege	2788	WMIC.exe
Token: SeProfSingleProcessPrivilege	2788	WMIC.exe
Token: SeIncBasePriorityPrivilege	2788	WMIC.exe
Token: SeCreatePagefilePrivilege	2788	WMIC.exe
Token: SeBackupPrivilege	2788	WMIC.exe
Token: SeRestorePrivilege	2788	WMIC.exe
Token: SeShutdownPrivilege	2788	WMIC.exe
Token: SeDebugPrivilege	2788	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2788	WMIC.exe
Token: SeRemoteShutdownPrivilege	2788	WMIC.exe
Token: SeUndockPrivilege	2788	WMIC.exe
Token: SeManageVolumePrivilege	2788	WMIC.exe
Token: 33	2788	WMIC.exe
Token: 34	2788	WMIC.exe
Token: 35	2788	WMIC.exe

Suspicious use of WriteProcessMemory 33 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2660	2240	cmd.exe	31
PID 2240 wrote to memory of 2660	2240	cmd.exe	31
PID 2240 wrote to memory of 2660	2240	cmd.exe	31
PID 2240 wrote to memory of 2800	2240	cmd.exe	32
PID 2240 wrote to memory of 2800	2240	cmd.exe	32
PID 2240 wrote to memory of 2800	2240	cmd.exe	32
PID 2240 wrote to memory of 2828	2240	cmd.exe	33
PID 2240 wrote to memory of 2828	2240	cmd.exe	33
PID 2240 wrote to memory of 2828	2240	cmd.exe	33
PID 2240 wrote to memory of 2816	2240	cmd.exe	34
PID 2240 wrote to memory of 2816	2240	cmd.exe	34
PID 2240 wrote to memory of 2816	2240	cmd.exe	34
PID 2240 wrote to memory of 2832	2240	cmd.exe	35
PID 2240 wrote to memory of 2832	2240	cmd.exe	35
PID 2240 wrote to memory of 2832	2240	cmd.exe	35
PID 2240 wrote to memory of 2920	2240	cmd.exe	36
PID 2240 wrote to memory of 2920	2240	cmd.exe	36
PID 2240 wrote to memory of 2920	2240	cmd.exe	36
PID 2240 wrote to memory of 2708	2240	cmd.exe	37
PID 2240 wrote to memory of 2708	2240	cmd.exe	37
PID 2240 wrote to memory of 2708	2240	cmd.exe	37
PID 2240 wrote to memory of 2680	2240	cmd.exe	38
PID 2240 wrote to memory of 2680	2240	cmd.exe	38
PID 2240 wrote to memory of 2680	2240	cmd.exe	38
PID 2240 wrote to memory of 2772	2240	cmd.exe	39
PID 2240 wrote to memory of 2772	2240	cmd.exe	39
PID 2240 wrote to memory of 2772	2240	cmd.exe	39
PID 2240 wrote to memory of 2788	2240	cmd.exe	40
PID 2240 wrote to memory of 2788	2240	cmd.exe	40
PID 2240 wrote to memory of 2788	2240	cmd.exe	40
PID 2240 wrote to memory of 2688	2240	cmd.exe	41
PID 2240 wrote to memory of 2688	2240	cmd.exe	41
PID 2240 wrote to memory of 2688	2240	cmd.exe	41

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\RobuxGiver\Run.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\system32\chcp.com
  chcp.com 437
  2⤵
  PID:2660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c type tmp
  2⤵
  PID:2800
- C:\Windows\system32\find.exe
  find
  2⤵
  PID:2828
- C:\Windows\system32\find.exe
  find
  2⤵
  PID:2816
- C:\Windows\system32\findstr.exe
  findstr /L /I set C:\Users\Admin\AppData\Local\Temp\RobuxGiver\Run.bat
  2⤵
  PID:2832
- C:\Windows\system32\findstr.exe
  findstr /L /I goto C:\Users\Admin\AppData\Local\Temp\RobuxGiver\Run.bat
  2⤵
  PID:2920
- C:\Windows\system32\findstr.exe
  findstr /L /I echo C:\Users\Admin\AppData\Local\Temp\RobuxGiver\Run.bat
  2⤵
  PID:2708
- C:\Windows\system32\findstr.exe
  findstr /L /I pause C:\Users\Admin\AppData\Local\Temp\RobuxGiver\Run.bat
  2⤵
  PID:2680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c type tmp
  2⤵
  PID:2772
- C:\Windows\System32\Wbem\WMIC.exe
  wmic cpu get Name
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2788
- C:\Windows\system32\findstr.exe
  findstr /C:"Intel Core Processor (Broadwell)"
  2⤵
  PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RobuxGiver\tmp

Filesize
14B

MD5
ce585c6ba32ac17652d2345118536f9c

SHA1
be0e41b3690c42e4c0cdb53d53fc544fb46b758d

SHA256
589c942e748ea16dc86923c4391092707ce22315eb01cb85b0988c6762aa0ed3

SHA512
d397eda475d6853ce5cc28887690ddd5f8891be43767cdb666396580687f901fb6f0cc572afa18bde1468a77e8397812009c954f386c8f69cc0678e1253d5752

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads