File name: | 3.bat |
Full analysis: | https://app.any.run/tasks/3352fb5f-2951-4e77-a2c6-381b41b800ed |
Verdict: | Malicious activity |
Analysis date: | June 16, 2019, 05:43:56 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | text/plain |
File info: | ASCII text, with CRLF line terminators |
MD5: | 35F4B666420956A2F0B890A349909037 |
SHA1: | 8CB482CF4ABB9720C1ADAF80FD752A6D959E85B2 |
SHA256: | 3768C2AFB2804DD3A795D8238A4CC2851AD56C99A03821C9FCD097235E5FEEC1 |
SSDEEP: | 24:2YZLRyMtZF/6RK1f6uSXeGxs6uSXeGxQuDA1wY6XjN5SBllYHlV/W01RVp/UPA7o:L7y4qK9TweGaTweGOveCBHcf/BmpP9 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3948 | cmd /c ""C:\Users\admin\Desktop\3.bat" " | C:\Windows\system32\cmd.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3216 | more +1 *.bat | C:\Windows\system32\more.com | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: More Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3352 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\Desktop\11.vbs" | C:\Windows\System32\WScript.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
2748 | "C:\Windows\System32\cmd.exe" /c 1.bat | C:\Windows\System32\cmd.exe | | WScript.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3972 | C:\Windows\system32\cmd.exe /c dir /a-d /b /s *.exe *.jpg | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2104 | C:\Windows\system32\cmd.exe /c "dir /a/s/b/on *.exe *.jpg" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3632 | more +1 1.txt | C:\Windows\system32\more.com | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: More Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3120 | more +1 2.txt | C:\Windows\system32\more.com | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: More Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3512 | more +1 3.txt | C:\Windows\system32\more.com | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: More Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3796 | more +1 1.txt | C:\Windows\system32\more.com | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: More Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3948 | cmd.exe | C:\Users\admin\Desktop\11.txt | — | |
MD5:— | SHA256:— | |||
2748 | cmd.exe | C:\Users\admin\Desktop\a.tmp | — | |
MD5:— | SHA256:— | |||
2748 | cmd.exe | C:\Users\admin\Desktop\2.txt | text | |
MD5:A33128BFAD18C2BC70BB71AFC85B695D | SHA256:D3E4A7D7DF714FC0E6AF57368F49D6B4228B8C7685502DC758E24FE0AC41E50E | |||
3948 | cmd.exe | C:\Users\admin\Desktop\11.vbs | text | |
MD5:4147A1048445E7C844C2290451C48021 | SHA256:220C78E43596F8F688DDD34972A79EAB1981E11957E95A5854D987EA02F3A0E6 | |||
3948 | cmd.exe | C:\Users\admin\Desktop\a.tmp | text | |
MD5:BCD647BE458A4559952C1B9BC5503FA2 | SHA256:DAF1C61B91B096D473B1821C2E7704F10F9512EE384DCF848474FE63CDD598F8 | |||
2748 | cmd.exe | C:\Users\admin\Desktop\1.txt | text | |
MD5:7918A8AB22084CF57FF36B5D0A51F448 | SHA256:9BDE2F34DA06FCB76D119EED84BDE357A036317C24F2B55FDA4A87D44FC0AB75 | |||
3948 | cmd.exe | C:\Users\admin\Desktop\1.bat | text | |
MD5:BCD647BE458A4559952C1B9BC5503FA2 | SHA256:DAF1C61B91B096D473B1821C2E7704F10F9512EE384DCF848474FE63CDD598F8 | |||
2748 | cmd.exe | C:\Users\admin\Desktop\3.txt | text | |
MD5:2C2FD0AA59081A77AC37270366D48E43 | SHA256:000CE4B8BDF8FA872F501903D5B82172B9C184C69DACB158AD281DA419A151A9 | |||
2748 | cmd.exe | C:\Users\admin\Desktop\4.txt | text | |
MD5:DAC0D24A7F8AC08CE268A751BCEBCD8F | SHA256:AF70D41C4F3F47E391A42125A7E1F7A65AC6CD00ADDBBFE3D88B3B4454CE5A9A | |||
2748 | cmd.exe | C:\Users\admin\Desktop\Rar.exe | executable | |
MD5:FD5EFD73394BA1B411C356FA849BF3F1 | SHA256:8014C516D154A6E17FDF3C40806B775F75B21E18E4047BF1D898A072EE4E3311 |