Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/08/2024, 14:45

General

  • Target

    echo off.bat

  • Size

    1KB

  • MD5

    7c8791448bff630f8ac60efdc9bbac4c

  • SHA1

    ff54860d232637cce9fe4ddc6ff9d692d4c64280

  • SHA256

    44830ff5dfe7dcce62b8d8a4ce421f54a6ee269339ec15710af554481e631672

  • SHA512

    2a8db0334ce150c7cc9cb3d7d7bf5f737c738ab1d8996ddc18174926e9c9d269a9acc2033a0b8fd7e624ffd8a5c1c96759b8ef887baae92228af9da5b86a2120

Score
3/10

Malware Config

Signatures

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 64 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Runs ping.exe 1 TTPs 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\echo off.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:868
    • C:\Windows\system32\PING.EXE
      ping -n 1 -w 20 127.0.0.1
      2⤵
        PID:1900
      • C:\Windows\system32\PING.EXE
        ping -n 1 -w 20 127.0.0.1
        2⤵
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:1768
      • C:\Windows\system32\PING.EXE
        ping -n 1 -w 20 127.0.0.1
        2⤵
        • System Network Configuration Discovery: Internet Connection Discovery
        PID:1392
      • C:\Windows\system32\PING.EXE
        ping -n 1 -w 20 127.0.0.1
        2⤵
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:3244
      • C:\Windows\system32\PING.EXE
        ping -n 1 -w 20 127.0.0.1
        2⤵
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:1928
      • C:\Windows\system32\PING.EXE
        ping -n 1 -w 20 127.0.0.1
        2⤵
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:1436
      • C:\Windows\system32\PING.EXE
        ping -n 1 -w 20 127.0.0.1
        2⤵
          PID:1060
        • C:\Windows\system32\PING.EXE
          ping -n 1 -w 20 127.0.0.1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:4468
        • C:\Windows\system32\PING.EXE
          ping -n 1 -w 20 127.0.0.1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:4380
        • C:\Windows\system32\PING.EXE
          ping -n 1 -w 20 127.0.0.1
          2⤵
          • Runs ping.exe
          PID:1284
        • C:\Windows\system32\PING.EXE
          ping -n 1 -w 20 127.0.0.1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2996
        • C:\Windows\system32\PING.EXE
          ping -n 1 -w 20 127.0.0.1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:4408
        • C:\Windows\system32\PING.EXE
          ping -n 1 -w 20 127.0.0.1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          PID:3944
        • C:\Windows\system32\PING.EXE
          ping -n 1 -w 20 127.0.0.1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:4716
        • C:\Windows\system32\PING.EXE
          ping -n 1 -w 20 127.0.0.1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          PID:1548
        • C:\Windows\system32\PING.EXE
          ping -n 1 -w 20 127.0.0.1
          2⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:3728
        • C:\Windows\system32\PING.EXE
          ping -n 1 -w 20 127.0.0.1
          2⤵
            PID:3128
          • C:\Windows\system32\PING.EXE
            ping -n 1 -w 20 127.0.0.1
            2⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            PID:2240
          • C:\Windows\system32\PING.EXE
            ping -n 1 -w 20 127.0.0.1
            2⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            • Runs ping.exe
            PID:3404
          • C:\Windows\system32\PING.EXE
            ping -n 1 -w 20 127.0.0.1
            2⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            • Runs ping.exe
            PID:2556
          • C:\Windows\system32\PING.EXE
            ping -n 1 -w 20 127.0.0.1
            2⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            • Runs ping.exe
            PID:4064
          • C:\Windows\system32\PING.EXE
            ping -n 1 -w 20 127.0.0.1
            2⤵
            • Runs ping.exe
            PID:3292
          • C:\Windows\system32\PING.EXE
            ping -n 1 -w 20 127.0.0.1
            2⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            • Runs ping.exe
            PID:4564
          • C:\Windows\system32\PING.EXE
            ping -n 1 -w 20 127.0.0.1
            2⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            • Runs ping.exe
            PID:3212
          • C:\Windows\system32\PING.EXE
            ping -n 1 -w 20 127.0.0.1
            2⤵
            • Runs ping.exe
            PID:4152
          • C:\Windows\system32\PING.EXE
            ping -n 1 -w 20 127.0.0.1
            2⤵
            • Runs ping.exe
            PID:4964
          • C:\Windows\system32\PING.EXE
            ping -n 1 -w 20 127.0.0.1
            2⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            PID:536
          • C:\Windows\system32\PING.EXE
            ping -n 1 -w 20 127.0.0.1
            2⤵
            • Runs ping.exe
            PID:5072
          • C:\Windows\system32\PING.EXE
            ping -n 1 -w 20 127.0.0.1
            2⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            • Runs ping.exe
            PID:2992
          • C:\Windows\system32\PING.EXE
            ping -n 1 -w 20 127.0.0.1
            2⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            PID:4076
          • C:\Windows\system32\PING.EXE
            ping -n 1 -w 20 127.0.0.1
            2⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            PID:2084
          • C:\Windows\system32\PING.EXE
            ping -n 1 -w 20 127.0.0.1
            2⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            PID:2620
          • C:\Windows\system32\PING.EXE
            ping -n 1 -w 20 127.0.0.1
            2⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            • Runs ping.exe
            PID:3868
          • C:\Windows\system32\PING.EXE
            ping -n 1 -w 20 127.0.0.1
            2⤵
              PID:4796
            • C:\Windows\system32\PING.EXE
              ping -n 1 -w 20 127.0.0.1
              2⤵
              • System Network Configuration Discovery: Internet Connection Discovery
              • Runs ping.exe
              PID:1036
            • C:\Windows\system32\PING.EXE
              ping -n 1 -w 20 127.0.0.1
              2⤵
              • Runs ping.exe
              PID:3152
            • C:\Windows\system32\PING.EXE
              ping -n 1 -w 20 127.0.0.1
              2⤵
              • Runs ping.exe
              PID:3648
            • C:\Windows\system32\PING.EXE
              ping -n 1 -w 20 127.0.0.1
              2⤵
                PID:1636
              • C:\Windows\system32\PING.EXE
                ping -n 1 -w 20 127.0.0.1
                2⤵
                • System Network Configuration Discovery: Internet Connection Discovery
                PID:692
              • C:\Windows\system32\PING.EXE
                ping -n 1 -w 20 127.0.0.1
                2⤵
                • Runs ping.exe
                PID:4928
              • C:\Windows\system32\PING.EXE
                ping -n 1 -w 20 127.0.0.1
                2⤵
                • System Network Configuration Discovery: Internet Connection Discovery
                PID:2272
              • C:\Windows\system32\PING.EXE
                ping -n 1 -w 20 127.0.0.1
                2⤵
                  PID:3592
                • C:\Windows\system32\PING.EXE
                  ping -n 1 -w 20 127.0.0.1
                  2⤵
                  • Runs ping.exe
                  PID:2788
                • C:\Windows\system32\PING.EXE
                  ping -n 1 -w 20 127.0.0.1
                  2⤵
                  • System Network Configuration Discovery: Internet Connection Discovery
                  PID:448
                • C:\Windows\system32\PING.EXE
                  ping -n 1 -w 20 127.0.0.1
                  2⤵
                  • System Network Configuration Discovery: Internet Connection Discovery
                  • Runs ping.exe
                  PID:5100
                • C:\Windows\system32\PING.EXE
                  ping -n 1 -w 20 127.0.0.1
                  2⤵
                  • System Network Configuration Discovery: Internet Connection Discovery
                  • Runs ping.exe
                  PID:1248
                • C:\Windows\system32\PING.EXE
                  ping -n 1 -w 20 127.0.0.1
                  2⤵
                  • System Network Configuration Discovery: Internet Connection Discovery
                  • Runs ping.exe
                  PID:3420
                • C:\Windows\system32\PING.EXE
                  ping -n 1 -w 20 127.0.0.1
                  2⤵
                  • System Network Configuration Discovery: Internet Connection Discovery
                  • Runs ping.exe
                  PID:4276
                • C:\Windows\system32\PING.EXE
                  ping -n 1 -w 20 127.0.0.1
                  2⤵
                  • System Network Configuration Discovery: Internet Connection Discovery
                  • Runs ping.exe
                  PID:4300
                • C:\Windows\system32\PING.EXE
                  ping -n 1 -w 20 127.0.0.1
                  2⤵
                  • System Network Configuration Discovery: Internet Connection Discovery
                  PID:1112
                • C:\Windows\system32\PING.EXE
                  ping -n 1 -w 20 127.0.0.1
                  2⤵
                  • System Network Configuration Discovery: Internet Connection Discovery
                  PID:2552
                • C:\Windows\system32\PING.EXE
                  ping -n 1 -w 20 127.0.0.1
                  2⤵
                  • Runs ping.exe
                  PID:4660
                • C:\Windows\system32\PING.EXE
                  ping -n 1 -w 20 127.0.0.1
                  2⤵
                  • Runs ping.exe
                  PID:5016
                • C:\Windows\system32\PING.EXE
                  ping -n 1 -w 20 127.0.0.1
                  2⤵
                  • System Network Configuration Discovery: Internet Connection Discovery
                  PID:4048
                • C:\Windows\system32\PING.EXE
                  ping -n 1 -w 20 127.0.0.1
                  2⤵
                  • System Network Configuration Discovery: Internet Connection Discovery
                  PID:4268
                • C:\Windows\system32\PING.EXE
                  ping -n 1 -w 20 127.0.0.1
                  2⤵
                    PID:2708
                  • C:\Windows\system32\PING.EXE
                    ping -n 1 -w 20 127.0.0.1
                    2⤵
                    • System Network Configuration Discovery: Internet Connection Discovery
                    • Runs ping.exe
                    PID:4976
                  • C:\Windows\system32\PING.EXE
                    ping -n 1 -w 20 127.0.0.1
                    2⤵
                    • Runs ping.exe
                    PID:1284
                  • C:\Windows\system32\PING.EXE
                    ping -n 1 -w 20 127.0.0.1
                    2⤵
                    • System Network Configuration Discovery: Internet Connection Discovery
                    • Runs ping.exe
                    PID:1460
                  • C:\Windows\system32\PING.EXE
                    ping -n 1 -w 20 127.0.0.1
                    2⤵
                    • System Network Configuration Discovery: Internet Connection Discovery
                    • Runs ping.exe
                    PID:4396
                  • C:\Windows\system32\PING.EXE
                    ping -n 1 -w 20 127.0.0.1
                    2⤵
                    • Runs ping.exe
                    PID:4988
                  • C:\Windows\system32\PING.EXE
                    ping -n 1 -w 20 127.0.0.1
                    2⤵
                    • System Network Configuration Discovery: Internet Connection Discovery
                    • Runs ping.exe
                    PID:2416
                  • C:\Windows\system32\PING.EXE
                    ping -n 1 -w 20 127.0.0.1
                    2⤵
                    • System Network Configuration Discovery: Internet Connection Discovery
                    PID:2392
                  • C:\Windows\system32\PING.EXE
                    ping -n 1 -w 20 127.0.0.1
                    2⤵
                    • System Network Configuration Discovery: Internet Connection Discovery
                    • Runs ping.exe
                    PID:4460
                  • C:\Windows\system32\PING.EXE
                    ping -n 1 -w 20 127.0.0.1
                    2⤵
                    • Runs ping.exe
                    PID:756
                  • C:\Windows\system32\PING.EXE
                    ping -n 1 -w 20 127.0.0.1
                    2⤵
                    • Runs ping.exe
                    PID:4984
                  • C:\Windows\system32\PING.EXE
                    ping -n 1 -w 20 127.0.0.1
                    2⤵
                    • System Network Configuration Discovery: Internet Connection Discovery
                    • Runs ping.exe
                    PID:2020
                  • C:\Windows\system32\PING.EXE
                    ping -n 1 -w 20 127.0.0.1
                    2⤵
                    • Runs ping.exe
                    PID:2556
                  • C:\Windows\system32\PING.EXE
                    ping -n 1 -w 20 127.0.0.1
                    2⤵
                    • System Network Configuration Discovery: Internet Connection Discovery
                    • Runs ping.exe
                    PID:4064
                  • C:\Windows\system32\PING.EXE
                    ping -n 1 -w 20 127.0.0.1
                    2⤵
                    • System Network Configuration Discovery: Internet Connection Discovery
                    • Runs ping.exe
                    PID:3468
                  • C:\Windows\system32\PING.EXE
                    ping -n 1 -w 20 127.0.0.1
                    2⤵
                      PID:1496
                    • C:\Windows\system32\PING.EXE
                      ping -n 1 -w 20 127.0.0.1
                      2⤵
                      • Runs ping.exe
                      PID:3524
                    • C:\Windows\system32\PING.EXE
                      ping -n 1 -w 20 127.0.0.1
                      2⤵
                        PID:1332
                      • C:\Windows\system32\PING.EXE
                        ping -n 1 -w 20 127.0.0.1
                        2⤵
                        • Runs ping.exe
                        PID:1120
                      • C:\Windows\system32\PING.EXE
                        ping -n 1 -w 20 127.0.0.1
                        2⤵
                        • System Network Configuration Discovery: Internet Connection Discovery
                        • Runs ping.exe
                        PID:4152
                      • C:\Windows\system32\PING.EXE
                        ping -n 1 -w 20 127.0.0.1
                        2⤵
                        • System Network Configuration Discovery: Internet Connection Discovery
                        PID:808
                      • C:\Windows\system32\PING.EXE
                        ping -n 1 -w 20 127.0.0.1
                        2⤵
                        • System Network Configuration Discovery: Internet Connection Discovery
                        • Runs ping.exe
                        PID:536
                      • C:\Windows\system32\PING.EXE
                        ping -n 1 -w 20 127.0.0.1
                        2⤵
                        • System Network Configuration Discovery: Internet Connection Discovery
                        • Runs ping.exe
                        PID:748
                      • C:\Windows\system32\PING.EXE
                        ping -n 1 -w 20 127.0.0.1
                        2⤵
                          PID:3744
                        • C:\Windows\system32\PING.EXE
                          ping -n 1 -w 20 127.0.0.1
                          2⤵
                            PID:3756
                          • C:\Windows\system32\PING.EXE
                            ping -n 1 -w 20 127.0.0.1
                            2⤵
                              PID:3752
                            • C:\Windows\system32\PING.EXE
                              ping -n 1 -w 20 127.0.0.1
                              2⤵
                              • System Network Configuration Discovery: Internet Connection Discovery
                              • Runs ping.exe
                              PID:2824
                            • C:\Windows\system32\PING.EXE
                              ping -n 1 -w 20 127.0.0.1
                              2⤵
                              • System Network Configuration Discovery: Internet Connection Discovery
                              • Runs ping.exe
                              PID:1936
                            • C:\Windows\system32\PING.EXE
                              ping -n 1 -w 20 127.0.0.1
                              2⤵
                                PID:408
                              • C:\Windows\system32\PING.EXE
                                ping -n 1 -w 20 127.0.0.1
                                2⤵
                                • Runs ping.exe
                                PID:1292
                              • C:\Windows\system32\PING.EXE
                                ping -n 1 -w 20 127.0.0.1
                                2⤵
                                • System Network Configuration Discovery: Internet Connection Discovery
                                PID:3124
                              • C:\Windows\system32\PING.EXE
                                ping -n 1 -w 20 127.0.0.1
                                2⤵
                                • System Network Configuration Discovery: Internet Connection Discovery
                                • Runs ping.exe
                                PID:1664
                              • C:\Windows\system32\PING.EXE
                                ping -n 1 -w 20 127.0.0.1
                                2⤵
                                • Runs ping.exe
                                PID:3456
                              • C:\Windows\system32\PING.EXE
                                ping -n 1 -w 20 127.0.0.1
                                2⤵
                                • System Network Configuration Discovery: Internet Connection Discovery
                                PID:3216
                              • C:\Windows\system32\PING.EXE
                                ping -n 1 -w 20 127.0.0.1
                                2⤵
                                • System Network Configuration Discovery: Internet Connection Discovery
                                PID:2008
                              • C:\Windows\system32\PING.EXE
                                ping -n 1 -w 20 127.0.0.1
                                2⤵
                                • System Network Configuration Discovery: Internet Connection Discovery
                                • Runs ping.exe
                                PID:1728
                              • C:\Windows\system32\PING.EXE
                                ping -n 1 -w 20 127.0.0.1
                                2⤵
                                • System Network Configuration Discovery: Internet Connection Discovery
                                • Runs ping.exe
                                PID:4040
                              • C:\Windows\system32\PING.EXE
                                ping -n 1 -w 20 127.0.0.1
                                2⤵
                                • System Network Configuration Discovery: Internet Connection Discovery
                                • Runs ping.exe
                                PID:2864
                              • C:\Windows\system32\PING.EXE
                                ping -n 1 -w 20 127.0.0.1
                                2⤵
                                  PID:1768
                                • C:\Windows\system32\PING.EXE
                                  ping -n 1 -w 20 127.0.0.1
                                  2⤵
                                  • System Network Configuration Discovery: Internet Connection Discovery
                                  • Runs ping.exe
                                  PID:2220
                                • C:\Windows\system32\PING.EXE
                                  ping -n 1 -w 20 127.0.0.1
                                  2⤵
                                  • System Network Configuration Discovery: Internet Connection Discovery
                                  PID:3244
                                • C:\Windows\system32\PING.EXE
                                  ping -n 1 -w 20 127.0.0.1
                                  2⤵
                                  • System Network Configuration Discovery: Internet Connection Discovery
                                  • Runs ping.exe
                                  PID:4740
                                • C:\Windows\system32\PING.EXE
                                  ping -n 1 -w 20 127.0.0.1
                                  2⤵
                                  • Runs ping.exe
                                  PID:4388
                                • C:\Windows\system32\PING.EXE
                                  ping -n 1 -w 20 127.0.0.1
                                  2⤵
                                  • Runs ping.exe
                                  PID:828
                                • C:\Windows\system32\PING.EXE
                                  ping -n 1 -w 20 127.0.0.1
                                  2⤵
                                  • System Network Configuration Discovery: Internet Connection Discovery
                                  PID:796

Network

MITRE ATT&CK Enterprise v15
