Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    21/11/2024, 00:32

General

  • Target

    input lag and system config/PERFORMER by f4fix.bat

  • Size

    11KB

  • MD5

    dcbb5607dd7def7f8f498b2e0f608cd2

  • SHA1

    ec69ab76abc84fd81f22dc60329e4a1bb94f50f3

  • SHA256

    9d3b49d6b29d680cc49579685c8bcb062f9acdcfdd822c4ae3f29fdc9c31504e

  • SHA512

    c64256f86d1e9684715649e7c0f8f7fc5136b34c70276ca509385d5b0dee3b4d2bb3363d2c041633aeae80ccb0b63b6a36ee4529d46f73b8b0d46a0d536a65ad

  • SSDEEP

    96:/2AUMT2WzMTJVxZzVqL3lzjFzMTyh55UERdmUcB:/JBT2WQTJe7vQTs+

Malware Config

Signatures

  • Disables service(s) 3 TTPs
  • Launches sc.exe 11 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 28 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Runs net.exe
  • Runs ping.exe 1 TTPs 28 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\input lag and system config\PERFORMER by f4fix.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2616
    • C:\Windows\system32\net.exe
      net stop XboxGipSvc
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2368
      • C:\Windows\system32\net1.exe
        C:\Windows\system32\net1 stop XboxGipSvc
        3⤵
        PID:4360
    • C:\Windows\system32\sc.exe
      sc config XboxGipSvc start= Disabled
      2⤵
      • Launches sc.exe
      PID:2380
    • C:\Windows\system32\net.exe
      net stop XblAuthManager
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2568
      • C:\Windows\system32\net1.exe
        C:\Windows\system32\net1 stop XblAuthManager
        3⤵
        PID:1600
    • C:\Windows\system32\sc.exe
      sc config XblAuthManager start= Disabled
      2⤵
      • Launches sc.exe
      PID:3548
    • C:\Windows\system32\net.exe
      net stop XblGameSave
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4364
      • C:\Windows\system32\net1.exe
        C:\Windows\system32\net1 stop XblGameSave
        3⤵
        PID:4212
    • C:\Windows\system32\sc.exe
      sc config XblGameSave start= Disabled
      2⤵
      • Launches sc.exe
      PID:4176
    • C:\Windows\system32\net.exe
      net stop XboxNetApiSvc
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:660
      • C:\Windows\system32\net1.exe
        C:\Windows\system32\net1 stop XboxNetApiSvc
        3⤵
        PID:3836
    • C:\Windows\system32\sc.exe
      sc config XboxNetApiSvc start= Disabled
      2⤵
      • Launches sc.exe
      PID:2644
    • C:\Windows\system32\PING.EXE
      ping localhost -n
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:1652
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:4256
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:1856
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:2272
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:4492
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:2128
    • C:\Windows\system32\net.exe
      net stop wuauserv
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4028
      • C:\Windows\system32\net1.exe
        C:\Windows\system32\net1 stop wuauserv
        3⤵
        PID:4056
    • C:\Windows\system32\sc.exe
      sc config wuauserv start= Disabled
      2⤵
      • Launches sc.exe
      PID:412
    • C:\Windows\system32\net.exe
      net stop WaaSMedicSvc
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4736
      • C:\Windows\system32\net1.exe
        C:\Windows\system32\net1 stop WaaSMedicSvc
        3⤵
        PID:1560
    • C:\Windows\system32\sc.exe
      sc config WaaSMedicSvc start= Disabled
      2⤵
      • Launches sc.exe
      PID:2564
    • C:\Windows\system32\PING.EXE
      ping localhost -n
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:3728
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:1632
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:2924
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:2744
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:2916
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:872
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:3036
    • C:\Windows\system32\PING.EXE
      ping localhost -n 5
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:3540
    • C:\Windows\system32\net.exe
      net stop uhssvc
      2⤵
      PID:960
      • C:\Windows\system32\net1.exe
        C:\Windows\system32\net1 stop uhssvc
        3⤵
        PID:3284
    • C:\Windows\system32\sc.exe
      sc config uhssvc start= Disabled
      2⤵
      • Launches sc.exe
      PID:4200
    • C:\Windows\system32\net.exe
      net stop SEMgrSvc
      2⤵
      PID:4440
      • C:\Windows\system32\net1.exe
        C:\Windows\system32\net1 stop SEMgrSvc
        3⤵
        PID:3972
    • C:\Windows\system32\sc.exe
      sc config SEMgrSvc start= Disabled
      2⤵
      • Launches sc.exe
      PID:800
    • C:\Windows\system32\PING.EXE
      ping localhost -n
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:1156
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:4020
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:2620
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:3308
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:1772
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:3184
    • C:\Windows\system32\net.exe
      net stop GoogleChromeElevationService
      2⤵
      PID:4140
      • C:\Windows\system32\net1.exe
        C:\Windows\system32\net1 stop GoogleChromeElevationService
        3⤵
        PID:4768
    • C:\Windows\system32\sc.exe
      sc config GoogleChromeElevationService start= Disabled
      2⤵
      • Launches sc.exe
      PID:5016
    • C:\Windows\system32\net.exe
      net stop gupdate
      2⤵
      PID:3624
      • C:\Windows\system32\net1.exe
        C:\Windows\system32\net1 stop gupdate
        3⤵
        PID:3008
    • C:\Windows\system32\sc.exe
      sc config gupdate start= Disabled
      2⤵
      • Launches sc.exe
      PID:4776
    • C:\Windows\system32\net.exe
      net stop gupdatem
      2⤵
      PID:448
      • C:\Windows\system32\net1.exe
        C:\Windows\system32\net1 stop gupdatem
        3⤵
        PID:1276
    • C:\Windows\system32\sc.exe
      sc config gupdatem start= Disabled
      2⤵
      • Launches sc.exe
      PID:1208
    • C:\Windows\system32\PING.EXE
      ping localhost -n
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:3432
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:496
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:4060
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:4716
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:1416
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:772
    • C:\Windows\system32\PING.EXE
      ping localhost -n 2
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:4660
    • C:\Windows\system32\PING.EXE
      ping localhost -n 5
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:2088

Network

MITRE ATT&CK Enterprise v15
