Analysis

  • max time kernel
    48s
  • max time network
    50s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    07/09/2024, 16:26

Errors

Reason
Machine shutdown

General

  • Target

    shutdown.bat

  • Size

    63B

  • MD5

    b8c3941b05df03f2091f05976b8c743d

  • SHA1

    0ea8e388bcd74baa0eb62725443c1a2c2706306e

  • SHA256

    903556c0020c052e8ae3b3b5036381e472890791caee7cae0a2f890b4bdd5467

  • SHA512

    97f6c84c0c0496f41aeb9020c3ac8c1f5208f239c8220d76b355bd064d174933f1d6a83c5c68888bb1ea13a65dfba2ba67f64d5f2b8664240514a9c29223c4cb

Score
1/10

Malware Config

Signatures

  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\shutdown.bat"
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Windows\system32\shutdown.exe
      shutdown.exe -s -t 45
      • Suspicious use of AdjustPrivilegeToken
      PID:3316
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa39ad855 /state1:0x41c64e6d
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:4132

Network

MITRE ATT&CK Matrix