Field | Value
---|---
File name | DRAGON_TWEAKER_V3.bat
Full analysis | https://app.any.run/tasks/a950d11c-6f3b-4c7b-b9ef-1e2d379b04c2
Verdict | Malicious activity
Analysis date | July 12, 2020, 22:11:17
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MIME | text/plain
File info | ASCII text, with CRLF line terminators
MD5 | 7DF696BC3706FBD34309ED52D82A643B
SHA1 | 9D189F4B672C344B78CF0EAD3A1DDA1A0E0FD50E
SHA256 | 65BE96447511DDFA660B92344161E404186392532617A35529980A292DD560D2
SSDEEP | 192:Zsqc7g760hOU5Mpcm2+QAPideBYpqV4/cOnM/oqSg2GtZjFqA1CXsoh:OJ7wpEcm2+QA2x0PotRNXsoh
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3268 | cmd /c ""C:\Users\admin\AppData\Local\Temp\DRAGON_TWEAKER_V3.bat" " | C:\Windows\system32\cmd.exe | — | explorer.exe
1380 | mode con cols=110 lines=25 | C:\Windows\system32\mode.com | — | cmd.exe
2644 | C:\Windows\system32\cmd.exe /c "prompt #$H#$E# & echo on & for %b in (1) do rem" | C:\Windows\system32\cmd.exe | — | cmd.exe
2840 | ping 127.0.0.1 -n 3 | C:\Windows\system32\PING.EXE | — | cmd.exe
3468 | findstr /v /a:0b /R "^f7f81a39-5f63-5b42-9efd-1f13b5431005quot; " [" nul | C:\Windows\system32\findstr.exe | — | cmd.exe
4064 | findstr /v /a:04 /R "^f7f81a39-5f63-5b42-9efd-1f13b5431005quot; "D" nul | C:\Windows\system32\findstr.exe | — | cmd.exe
2184 | findstr /v /a:0b /R "^f7f81a39-5f63-5b42-9efd-1f13b5431005quot; "] " nul | C:\Windows\system32\findstr.exe | — | cmd.exe
888 | findstr /v /a:0b /R "^f7f81a39-5f63-5b42-9efd-1f13b5431005quot; " [" nul | C:\Windows\system32\findstr.exe | — | cmd.exe
2828 | findstr /v /a:04 /R "^f7f81a39-5f63-5b42-9efd-1f13b5431005quot; "R" nul | C:\Windows\system32\findstr.exe | — | cmd.exe
3204 | findstr /v /a:0b /R "^f7f81a39-5f63-5b42-9efd-1f13b5431005quot; "] " nul | C:\Windows\system32\findstr.exe | — | cmd.exe

Process details (same PIDs as above):

PID | User | Company | Integrity Level | Description | Exit code | Version
---|---|---|---|---|---|---
3268 | admin | Microsoft Corporation | MEDIUM | Windows Command Processor | 0 | 6.1.7601.17514 (win7sp1_rtm.101119-1850)
1380 | admin | Microsoft Corporation | MEDIUM | DOS Device MODE Utility | 0 | 6.1.7600.16385 (win7_rtm.090713-1255)
2644 | admin | Microsoft Corporation | MEDIUM | Windows Command Processor | 0 | 6.1.7601.17514 (win7sp1_rtm.101119-1850)
2840 | admin | Microsoft Corporation | MEDIUM | TCP/IP Ping Command | 0 | 6.1.7600.16385 (win7_rtm.090713-1255)
3468 | admin | Microsoft Corporation | MEDIUM | Find String (QGREP) Utility | 0 | 6.1.7600.16385 (win7_rtm.090713-1255)
4064 | admin | Microsoft Corporation | MEDIUM | Find String (QGREP) Utility | 0 | 6.1.7600.16385 (win7_rtm.090713-1255)
2184 | admin | Microsoft Corporation | MEDIUM | Find String (QGREP) Utility | 0 | 6.1.7600.16385 (win7_rtm.090713-1255)
888 | admin | Microsoft Corporation | MEDIUM | Find String (QGREP) Utility | 0 | 6.1.7600.16385 (win7_rtm.090713-1255)
2828 | admin | Microsoft Corporation | MEDIUM | Find String (QGREP) Utility | 0 | 6.1.7600.16385 (win7_rtm.090713-1255)
3204 | admin | Microsoft Corporation | MEDIUM | Find String (QGREP) Utility | 0 | 6.1.7600.16385 (win7_rtm.090713-1255)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3268 | cmd.exe | C:\Users\admin\AppData\Local\Temp\ [ | — | — | —
3268 | cmd.exe | C:\Users\admin\AppData\Local\Temp\D | — | — | —
3268 | cmd.exe | C:\Users\admin\AppData\Local\Temp\] | — | — | —
3268 | cmd.exe | C:\Users\admin\AppData\Local\Temp\ [ | — | — | —
3268 | cmd.exe | C:\Users\admin\AppData\Local\Temp\R | — | — | —
3268 | cmd.exe | C:\Users\admin\AppData\Local\Temp\A | — | — | —
3268 | cmd.exe | C:\Users\admin\AppData\Local\Temp\G | — | — | —
3268 | cmd.exe | C:\Users\admin\AppData\Local\Temp\O | — | — | —
3268 | cmd.exe | C:\Users\admin\AppData\Local\Temp\N | — | — | —
3268 | cmd.exe | C:\Users\admin\AppData\Local\Temp\ [ | — | — | —
Process | Message
---|---
cmd.exe | Invalid parameter passed to C runtime function.