File name: VelocityFreeTweakingUtility.bat

Full analysis: https://app.any.run/tasks/59f6e11d-2420-451f-bbba-4cebd9c717ac
Verdict: Malicious activity
Analysis date: August 23, 2024, 12:28:17
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: text/plain
File info: Unicode text, UTF-8 text, with CRLF line terminators, with escape sequences
MD5: C410192A848F49BEFB5EADCE93C721D8
SHA1: AE716ED832E822D646503BAFB81816634FCFC8AD
SHA256: 4F18502B6CA846E63158F410D48B5E17C23E82A4B4215CBEF0D9790D29EBDBE5
SSDEEP: 768:Z9xLd2QLQpbf4ALi8nYMiEpIwuzd7Q/cJSirt:1x50pbfJcMiECx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Application launched itself

      • cmd.exe (PID: 6744)
    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 6744)
    • Starts application with an unusual extension

      • cmd.exe (PID: 6744)
    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 6744)
  • INFO

    • Changes the display of characters in the console

      • chcp.com (PID: 6824)
    • Checks supported languages

      • chcp.com (PID: 6824)
      • mode.com (PID: 6844)
No Malware configuration.
No data.
Total processes: 159
Monitored processes: 38
Malicious processes: 1
Suspicious processes: 0

Behavior graph

[Behavior graph: cmd.exe, conhost.exe, cmd.exe, chcp.com, mode.com, followed by repeated findstr.exe processes, all marked "no specs"]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1288 | CMD: findstr /v /a:F /R "^$" "]" nul | Path: C:\Windows\System32\findstr.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 3384 | CMD: findstr /v /a:F /R "^$" " [" nul | Path: C:\Windows\System32\findstr.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 3540 | CMD: findstr /v /a:F /R "^$" " [" nul | Path: C:\Windows\System32\findstr.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 5920 | CMD: findstr /v /a:F /R "^$" "]" nul | Path: C:\Windows\System32\findstr.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 6180 | CMD: findstr /v /a:5 /R "^$" "6" nul | Path: C:\Windows\System32\findstr.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 6208 | CMD: findstr /v /a:F /R "^$" "]" nul | Path: C:\Windows\System32\findstr.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 6240 | CMD: findstr /v /a:F /R "^$" "]" nul | Path: C:\Windows\System32\findstr.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 6268 | CMD: findstr /v /a:F /R "^$" " [" nul | Path: C:\Windows\System32\findstr.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 6272 | CMD: findstr /v /a:F /R "^$" " [" nul | Path: C:\Windows\System32\findstr.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 6288 | CMD: findstr /v /a:5 /R "^$" "8" nul | Path: C:\Windows\System32\findstr.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Total events: 962
Read events: 962
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 0
Text files: 32
Unknown types: 0

Dropped files

PID | Process | Filename | Type
6744 | cmd.exe | C:\Users\admin\Desktop\5 | text
MD5:DF66FA563A2FAFDB93CC559DEB0A38C4
SHA256:3E39ED22DC63246937C4DBBF34CE4FB1CFE6B00DE7596B020CAD49AE50031351
6744 | cmd.exe | C:\Users\admin\Desktop\2 | text
MD5:DF66FA563A2FAFDB93CC559DEB0A38C4
SHA256:3E39ED22DC63246937C4DBBF34CE4FB1CFE6B00DE7596B020CAD49AE50031351
6744 | cmd.exe | C:\Users\admin\Desktop\1 | text
MD5:DF66FA563A2FAFDB93CC559DEB0A38C4
SHA256:3E39ED22DC63246937C4DBBF34CE4FB1CFE6B00DE7596B020CAD49AE50031351
6744 | cmd.exe | C:\Users\admin\Desktop\6 | text
MD5:DF66FA563A2FAFDB93CC559DEB0A38C4
SHA256:3E39ED22DC63246937C4DBBF34CE4FB1CFE6B00DE7596B020CAD49AE50031351
6744 | cmd.exe | C:\Users\admin\Desktop\] | text
MD5:DF66FA563A2FAFDB93CC559DEB0A38C4
SHA256:3E39ED22DC63246937C4DBBF34CE4FB1CFE6B00DE7596B020CAD49AE50031351
6744 | cmd.exe | C:\Users\admin\Desktop\3 | text
MD5:DF66FA563A2FAFDB93CC559DEB0A38C4
SHA256:3E39ED22DC63246937C4DBBF34CE4FB1CFE6B00DE7596B020CAD49AE50031351
6744 | cmd.exe | C:\Users\admin\Desktop\4 | text
MD5:DF66FA563A2FAFDB93CC559DEB0A38C4
SHA256:3E39ED22DC63246937C4DBBF34CE4FB1CFE6B00DE7596B020CAD49AE50031351
6744 | cmd.exe | C:\Users\admin\Desktop\0 | text
MD5:DF66FA563A2FAFDB93CC559DEB0A38C4
SHA256:3E39ED22DC63246937C4DBBF34CE4FB1CFE6B00DE7596B020CAD49AE50031351
6744 | cmd.exe | C:\Users\admin\Desktop\9 | text
MD5:DF66FA563A2FAFDB93CC559DEB0A38C4
SHA256:3E39ED22DC63246937C4DBBF34CE4FB1CFE6B00DE7596B020CAD49AE50031351
6744 | cmd.exe | C:\Users\admin\Desktop\7 | text
MD5:DF66FA563A2FAFDB93CC559DEB0A38C4
SHA256:3E39ED22DC63246937C4DBBF34CE4FB1CFE6B00DE7596B020CAD49AE50031351
HTTP(S) requests: 0
TCP/UDP connections: 15
DNS requests: 3
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
3272 | RUXIMICS.exe | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2120 | MoUsoCoreWorker.exe | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5300 | svchost.exe | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5300 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
2120 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4324 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5300 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain | IP | Reputation
google.com | 172.217.16.206 | whitelisted
settings-win.data.microsoft.com | 4.231.128.59, 51.104.136.2 | whitelisted

Threats

No threats detected
No debug info