| Field | Value |
|---|---|
| File name | _Win10-BlackViper.bat |
| Full analysis | https://app.any.run/tasks/10ff13f5-8716-42cf-bd8c-1b5158e0afea |
| Verdict | Malicious activity |
| Analysis date | August 08, 2020, 08:45:34 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | text/x-msdos-batch |
| File info | DOS batch file, ASCII text |
| MD5 | 109D14AB8D3CE4509458310DA331210A |
| SHA1 | 515801A3EF8EBC60D4B35E7C65835D0AADC24661 |
| SHA256 | 0EEE1D1CB6AFB29B0A37751B83B17D0C76774AA2A84787C1017A73D8BC93637B |
| SSDEEP | 96:FxSeXKNxNzJ+/svO5EBOvXf/UhT5FpXFEH1gzFdBbTYkd:FxF6NxNN+EvO5EOXf/UhVqH1gzFdBbTb |
| PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Exit code | Version |
|---|---|---|---|---|---|---|---|---|---|---|
| 2828 | cmd /c ""C:\Users\admin\Desktop\_Win10-BlackViper.bat" " | C:\Windows\system32\cmd.exe | — | explorer.exe | admin | Microsoft Corporation | MEDIUM | Windows Command Processor | 0 | 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 2000 | PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& 'C:\Users\admin\Desktop\BlackViper-Win10.ps1' " -Verb RunAs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | — | cmd.exe | admin | Microsoft Corporation | MEDIUM | Windows PowerShell | 1 | 6.1.7600.16385 (win7_rtm.090713-1255) |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2000 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TCM12BE7OGRGEC105DU4.temp | — | — | — |
| 2000 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF14e58c.TMP | binary | 0457CDA1DF077637529C072830CE81BD | E95DA7DB2853D8C05871EC5E907A10C527FD1903D6D1F247184AC0F710743829 |
| 2000 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms | binary | 0457CDA1DF077637529C072830CE81BD | E95DA7DB2853D8C05871EC5E907A10C527FD1903D6D1F247184AC0F710743829 |