7d8b06e433c1eb797aaaa5957088a414f0dc8d9cd19302dbd2905df61dedb84b

Resubmissions

13/10/2024, 03:58

241013-ejjbrsyaqb 3

13/10/2024, 03:55

241013-egwjbaxhrh 3

Analysis

max time kernel
93s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 03:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sss/kitty.cc checkers.bat
Size

833B
MD5

76f2916842fa2b9cf80a206374b62d88
SHA1

c04a8f8db6388dad5e3c7e3edbbe9467e46cdd48
SHA256

59a907b93585ff90f7c69e4eddde938b8005807fe16a5a45b56820e28e07edcd
SHA512

5e0ffbc4e939568237d27c53e60eed88de8474b0d6ae9e767e66e8858cd3de7467f2b48b29a02a2a1b2e8922ed4bb4eb300632796ea39e531037f194ffac7eba

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3652	WMIC.exe
Token: SeSecurityPrivilege	3652	WMIC.exe
Token: SeTakeOwnershipPrivilege	3652	WMIC.exe
Token: SeLoadDriverPrivilege	3652	WMIC.exe
Token: SeSystemProfilePrivilege	3652	WMIC.exe
Token: SeSystemtimePrivilege	3652	WMIC.exe
Token: SeProfSingleProcessPrivilege	3652	WMIC.exe
Token: SeIncBasePriorityPrivilege	3652	WMIC.exe
Token: SeCreatePagefilePrivilege	3652	WMIC.exe
Token: SeBackupPrivilege	3652	WMIC.exe
Token: SeRestorePrivilege	3652	WMIC.exe
Token: SeShutdownPrivilege	3652	WMIC.exe
Token: SeDebugPrivilege	3652	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3652	WMIC.exe
Token: SeRemoteShutdownPrivilege	3652	WMIC.exe
Token: SeUndockPrivilege	3652	WMIC.exe
Token: SeManageVolumePrivilege	3652	WMIC.exe
Token: 33	3652	WMIC.exe
Token: 34	3652	WMIC.exe
Token: 35	3652	WMIC.exe
Token: 36	3652	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3652	WMIC.exe
Token: SeSecurityPrivilege	3652	WMIC.exe
Token: SeTakeOwnershipPrivilege	3652	WMIC.exe
Token: SeLoadDriverPrivilege	3652	WMIC.exe
Token: SeSystemProfilePrivilege	3652	WMIC.exe
Token: SeSystemtimePrivilege	3652	WMIC.exe
Token: SeProfSingleProcessPrivilege	3652	WMIC.exe
Token: SeIncBasePriorityPrivilege	3652	WMIC.exe
Token: SeCreatePagefilePrivilege	3652	WMIC.exe
Token: SeBackupPrivilege	3652	WMIC.exe
Token: SeRestorePrivilege	3652	WMIC.exe
Token: SeShutdownPrivilege	3652	WMIC.exe
Token: SeDebugPrivilege	3652	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3652	WMIC.exe
Token: SeRemoteShutdownPrivilege	3652	WMIC.exe
Token: SeUndockPrivilege	3652	WMIC.exe
Token: SeManageVolumePrivilege	3652	WMIC.exe
Token: 33	3652	WMIC.exe
Token: 34	3652	WMIC.exe
Token: 35	3652	WMIC.exe
Token: 36	3652	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3656	WMIC.exe
Token: SeSecurityPrivilege	3656	WMIC.exe
Token: SeTakeOwnershipPrivilege	3656	WMIC.exe
Token: SeLoadDriverPrivilege	3656	WMIC.exe
Token: SeSystemProfilePrivilege	3656	WMIC.exe
Token: SeSystemtimePrivilege	3656	WMIC.exe
Token: SeProfSingleProcessPrivilege	3656	WMIC.exe
Token: SeIncBasePriorityPrivilege	3656	WMIC.exe
Token: SeCreatePagefilePrivilege	3656	WMIC.exe
Token: SeBackupPrivilege	3656	WMIC.exe
Token: SeRestorePrivilege	3656	WMIC.exe
Token: SeShutdownPrivilege	3656	WMIC.exe
Token: SeDebugPrivilege	3656	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3656	WMIC.exe
Token: SeRemoteShutdownPrivilege	3656	WMIC.exe
Token: SeUndockPrivilege	3656	WMIC.exe
Token: SeManageVolumePrivilege	3656	WMIC.exe
Token: 33	3656	WMIC.exe
Token: 34	3656	WMIC.exe
Token: 35	3656	WMIC.exe
Token: 36	3656	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3656	WMIC.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 1824	2236	cmd.exe	85
PID 2236 wrote to memory of 1824	2236	cmd.exe	85
PID 2236 wrote to memory of 3652	2236	cmd.exe	86
PID 2236 wrote to memory of 3652	2236	cmd.exe	86
PID 2236 wrote to memory of 3656	2236	cmd.exe	88
PID 2236 wrote to memory of 3656	2236	cmd.exe	88
PID 2236 wrote to memory of 3432	2236	cmd.exe	89
PID 2236 wrote to memory of 3432	2236	cmd.exe	89
PID 2236 wrote to memory of 544	2236	cmd.exe	90
PID 2236 wrote to memory of 544	2236	cmd.exe	90
PID 2236 wrote to memory of 1536	2236	cmd.exe	92
PID 2236 wrote to memory of 1536	2236	cmd.exe	92
PID 2236 wrote to memory of 3616	2236	cmd.exe	94
PID 2236 wrote to memory of 3616	2236	cmd.exe	94
PID 2236 wrote to memory of 5112	2236	cmd.exe	95
PID 2236 wrote to memory of 5112	2236	cmd.exe	95
PID 2236 wrote to memory of 4820	2236	cmd.exe	96
PID 2236 wrote to memory of 4820	2236	cmd.exe	96

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\sss\kitty.cc checkers.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\system32\mode.com
  mode con: cols=180 lines=62
  2⤵
  PID:1824
- C:\Windows\System32\Wbem\WMIC.exe
  wmic diskdrive get serialnumber
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3652
- C:\Windows\System32\Wbem\WMIC.exe
  wmic baseboard get serialnumber
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3656
- C:\Windows\System32\Wbem\WMIC.exe
  wmic path win32_computersystemproduct get uuid
  2⤵
  PID:3432
- C:\Windows\System32\Wbem\WMIC.exe
  wmic PATH Win32_VideoController GET Description,PNPDeviceID
  2⤵
  PID:544
- C:\Windows\System32\Wbem\WMIC.exe
  wmic memorychip get serialnumber
  2⤵
  PID:1536
- C:\Windows\System32\Wbem\WMIC.exe
  wmic csproduct get uuid
  2⤵
  PID:3616
- C:\Windows\System32\Wbem\WMIC.exe
  wmic cpu get processorid
  2⤵
  PID:5112
- C:\Windows\System32\Wbem\WMIC.exe
  wmic path Win32_NetworkAdapter where "PNPDeviceID like '%PCI%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress
  2⤵
  PID:4820

Windows 7 deprecation

Loading Replay Monitor...

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads