File name: destructEXP.txt

Full analysis: https://app.any.run/tasks/2b5b74e2-b8a3-4eb8-8e27-56c86a7fbaa7
Verdict: Malicious activity
Analysis date: December 05, 2022, 20:56:20
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: text/x-msdos-batch
File info: DOS batch file, ASCII text, with very long lines, with CRLF line terminators
MD5: 09B0299C777DEC3882E187E3E0B58FEF
SHA1: D9AEEDB1FC1985609326300F7EDB17AA6A4ABABF
SHA256: 535DEBF2E733A9E50DD0604E9795DC8206F2F6EE74326C13F0C756053E25DFC6
SSDEEP: 48:gFSeJFSecJfWEVBfcIBxDp+w+9UretOQTtGSQySxHQD8cFP:g7SLRJvDptiUretOQTtGSQySxHQD8cFP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Deletes shadow copies

      • cmd.exe (PID: 3048)
    • Using BCDEDIT.EXE to modify recovery options

      • cmd.exe (PID: 3048)
    • Creates a writable file in the system directory

      • SearchIndexer.exe (PID: 2312)
  • SUSPICIOUS

    • Executes as Windows Service

      • vds.exe (PID: 1388)
      • wbengine.exe (PID: 752)
      • vssvc.exe (PID: 4072)
      • SearchIndexer.exe (PID: 2312)
      • SearchIndexer.exe (PID: 3508)
  • INFO

    • Manual execution by a user

      • cmd.exe (PID: 3048)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 115
Monitored processes: 69
Malicious processes: 1
Suspicious processes: 1
