File name: | OVERFLOW.bat |
Full analysis: | https://app.any.run/tasks/fd610115-9488-428e-b6db-c81301b48dcd |
Verdict: | Malicious activity |
Analysis date: | August 12, 2022, 22:57:48 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | text/plain |
File info: | UTF-8 Unicode text, with CRLF line terminators |
MD5: | 9E73F48BDDF4E021A9585A33CEF182C8 |
SHA1: | F89E2560CB5505148B1E335702DA9EE72C9C203F |
SHA256: | 243E0AFEC71D78720ED5E6E95A2E2BEA4BF20287CC79F60DAF86C8EBDF4232C6 |
SSDEEP: | 3:P3HeRsWYHqYYssYAHz3neRV:P3HeRsWvY81jneRV |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2636 | C:\Windows\system32\cmd.exe /c ""C:\Users\admin\Desktop\OVERFLOW.bat" " | C:\Windows\system32\cmd.exe | — | Explorer.EXE |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | | |
4056 | C:\Windows\system32\cmd.exe /K OVERFLOW.bat | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | | |
3948 | C:\Windows\system32\cmd.exe /K OVERFLOW.bat | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | | |
3076 | C:\Windows\system32\cmd.exe /K OVERFLOW.bat | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | | |
3116 | C:\Windows\system32\cmd.exe /K OVERFLOW.bat | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | | |
1708 | C:\Windows\system32\cmd.exe /K OVERFLOW.bat | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | | |
3400 | C:\Windows\system32\cmd.exe /K OVERFLOW.bat | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | | |
2372 | C:\Windows\system32\cmd.exe /K OVERFLOW.bat | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | | |
3148 | C:\Windows\system32\cmd.exe /K OVERFLOW.bat | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | | |
2696 | C:\Windows\system32\cmd.exe /K OVERFLOW.bat | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | | |