File name: | Kanade_Pinger.bat |
Full analysis: | https://app.any.run/tasks/4be1dedc-486d-4187-b59d-c716c46680bc |
Verdict: | Malicious activity |
Analysis date: | July 13, 2020, 03:45:19 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | text/x-msdos-batch |
File info: | DOS batch file, ASCII text, with CRLF line terminators, with escape sequences |
MD5: | 360813CCB1A0585E4C5A53F6CDF11FF6 |
SHA1: | 913B6B342AEAC78C3095BEA21E2B611C39A0BE6B |
SHA256: | 82688BA4FDC0B039D1A5C5862532A8719D139FD40C6FE2C139DE485F53498B80 |
SSDEEP: | 24:9eorLCePVPaqICP+fM3FTjWbJM++SLpzYt:9eELCe9SqICGkTmJM8LRYt |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1156 | cmd /c ""C:\Users\admin\AppData\Local\Temp\Kanade_Pinger.bat" " | C:\Windows\system32\cmd.exe | — | explorer.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | | |
3032 | mode con lines=40 cols=90 | C:\Windows\system32\mode.com | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: DOS Device MODE Utility; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | | |
768 | PING -n 1 1.1.1.1 | C:\Windows\system32\PING.EXE | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: TCP/IP Ping Command; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | | |
2096 | FIND "TTL=" | C:\Windows\system32\find.exe | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Find String (grep) Utility; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | | |
2872 | PING -n 1 1.1.1.1 | C:\Windows\system32\PING.EXE | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: TCP/IP Ping Command; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | | |
2396 | FIND "TTL=" | C:\Windows\system32\find.exe | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Find String (grep) Utility; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | | |
4092 | PING -n 1 1.1.1.1 | C:\Windows\system32\PING.EXE | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: TCP/IP Ping Command; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | | |
320 | FIND "TTL=" | C:\Windows\system32\find.exe | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Find String (grep) Utility; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | | |
2500 | PING -n 1 1.1.1.1 | C:\Windows\system32\PING.EXE | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: TCP/IP Ping Command; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | | |
2460 | FIND "TTL=" | C:\Windows\system32\find.exe | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Find String (grep) Utility; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | | |