d3a307d6c9237b888e40f7ed3a3b590eefc1f9f9739740b03de99c1da56753c2

Analysis

max time kernel
92s
max time network
97s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-11-2024 00:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

input lag and system config/Disable Hibernate.cmd
Size

402B
MD5

284599df6b01266b45d046d482d8eac3
SHA1

03caf4bbd7685edbc11cf7bb491954df0fb746ab
SHA256

257f0f71c865058ffbda583aadefaa5f2d9f5aca720cf4ae82842968418c0176
SHA512

2727bf2231dc03cdc2188dfd80fb835c3b551fe1dda9dbae38107c7bafb66053f9c9b6af32d4b41c55110aa6df67b40719914bf5ed4689cf5bd5409fa6b09bd3

Score

6^/10

persistence

Malware Config

Signatures

Power Settings 1 TTPs 1 IoCs

powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

persistence

Power Settings

T1653

pid	Process
1112	powercfg.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1112	powercfg.exe
Token: SeCreatePagefilePrivilege	1112	powercfg.exe
Token: SeShutdownPrivilege	1112	powercfg.exe
Token: SeCreatePagefilePrivilege	1112	powercfg.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 3704	5088	cmd.exe	80
PID 5088 wrote to memory of 3704	5088	cmd.exe	80
PID 5088 wrote to memory of 1112	5088	cmd.exe	81
PID 5088 wrote to memory of 1112	5088	cmd.exe	81

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\input lag and system config\Disable Hibernate.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Windows\system32\fsutil.exe
  fsutil dirty query C:
  2⤵
  PID:3704
- C:\Windows\system32\powercfg.exe
  powercfg -h off
  2⤵
  - Power Settings
  - Suspicious use of AdjustPrivilegeToken
  PID:1112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Power Settings

T1653

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads