ab2d272037105f2f34b7b1572adbe05069cbcc0625115a2160df73118c25700f | Triage

Analysis

max time kernel
10s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
25/09/2024, 16:23

Sharing

Report Analysis Logs

General

Target

nn.bat
Size

7KB
MD5

a698281208df9c1bf652160db544df96
SHA1

95be6b96de22848da36e2031662ba66b3ac8bb5c
SHA256

ab2d272037105f2f34b7b1572adbe05069cbcc0625115a2160df73118c25700f
SHA512

875c67215b1f628d331df4792a0753ef3887de16505d62266ae514114f498fce3aa67abef521bce819a77146311995e686affeabc0cd251d076924e402262d0e
SSDEEP

96:g/WJ/2OwYDFOleGU8xCowaLpRgpeTfhyXz8aOO46bKJUHGYd1GYWRUvg16IGo6jb:JV2O9QCSQUzVRJUH1n1WRsg15u/co4i

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 1 IoCs

pid	Process
4960	timeout.exe

Kills process with taskkill 1 IoCs

pid	Process
4844	taskkill.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4844	taskkill.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 4960	1468	cmd.exe	71
PID 1468 wrote to memory of 4960	1468	cmd.exe	71
PID 1468 wrote to memory of 4844	1468	cmd.exe	72
PID 1468 wrote to memory of 4844	1468	cmd.exe	72

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\nn.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Windows\system32\timeout.exe
  timeout /t 10 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:4960
- C:\Windows\system32\taskkill.exe
  taskkill /f /im svchost.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads