File name: | 6.bat |
Full analysis: | https://app.any.run/tasks/1d2598b9-9041-4b44-8b4f-ec97dd124909 |
Verdict: | Malicious activity |
Analysis date: | June 16, 2019, 05:31:15 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/x-msdos-batch |
File info: | DOS batch file, ASCII text, with CRLF line terminators |
MD5: | EB93FE9227DAEF73E9D4EE9AA589BCE0 |
SHA1: | A84F0B84FE2D32408C4B33C5DDA4A817110DBC20 |
SHA256: | 8EFD51D4F94EEA731B86E8F434B884703A339164704724821EFCFB4651A0A838 |
SSDEEP: | 48:dJZk7y4qK3TweGaTweGORTeCBrTJWeG5TJe+NGjWF4cf/Kk:dwZqKjkykORTX8llsjG8k |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3296 | cmd /c ""C:\Users\admin\Desktop\6.bat" " | C:\Windows\system32\cmd.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2824 | mshta vbscript:createobject("wscript.shell").run("""6.bat"" h",0)(window.close) | C:\Windows\system32\mshta.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft (R) HTML Application host Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3204 | cmd /c ""C:\Users\admin\Desktop\6.bat" h" | C:\Windows\system32\cmd.exe | mshta.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2036 | C:\Windows\system32\cmd.exe /c dir h /a-d /b /s *.exe *.jpg *.doc *.rtf | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
772 | C:\Windows\system32\cmd.exe /c "dir /a/s/b/on *.exe *.jpg *.doc *.rtf" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
928 | rar.exe a -hpiyn2ex66aqokgykouiw3vekhr5vizxcncbtqe6ta -df lucknum-yxnnzp.rar 4.txt | C:\Users\admin\Desktop\Rar.exe | — | cmd.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: Command line RAR Exit code: 0 Version: 5.60.0 | ||||
3048 | more +1 1.txt | C:\Windows\system32\more.com | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: More Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1872 | more +1 2.txt | C:\Windows\system32\more.com | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: More Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1752 | more +1 3.txt | C:\Windows\system32\more.com | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: More Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2596 | rar.exe a -hpcbh3jgpjv "5j87h5blw.rar" "C:\Users\admin\Desktop\commercialchat.rtf " | C:\Users\admin\Desktop\Rar.exe | — | cmd.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: Command line RAR Exit code: 0 Version: 5.60.0 |
(PID) Process: | (2824) mshta.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
(PID) Process: | (2824) mshta.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3204 | cmd.exe | C:\Users\admin\Desktop\a.tmp | — | |
MD5:— | SHA256:— | |||
3204 | cmd.exe | C:\Users\admin\Desktop\1.txt | text | |
MD5:602A0DD516C74A5C83F0297A5A2A8487 | SHA256:8FA8224DC1E87459DF0267DB28AE5281FCCCD357CC077667D43B8B355F2FC8EE | |||
3204 | cmd.exe | C:\Users\admin\Desktop\2.txt | text | |
MD5:F2B7837119A441BC2B452EBCA1392C9F | SHA256:EE0AE252A6CE7362E0DB7FBF36D099431EB3629D23436EC8A139A13E98CDE4E4 | |||
3204 | cmd.exe | C:\Users\admin\Desktop\3.txt | text | |
MD5:65644947AFF105F923E2C2E383BF5EC8 | SHA256:2562E72C2EC8F47C79496849A847E2F5240AD85D66892135546655858D63C672 | |||
3204 | cmd.exe | C:\Users\admin\Desktop\4.txt | text | |
MD5:6CA6A37B952A26446D5F46871C4577B3 | SHA256:9B8D80FF4EEE440ABB238E6FAE0618FFA43BB8280E8765851B36320F1D29BAC6 | |||
928 | Rar.exe | C:\Users\admin\Desktop\lucknum-yxnnzp.rar | compressed | |
MD5:3F3816CC3E35F81482C65894C3AEA060 | SHA256:3F7D078AEC82D37580203B86DC25812F31CF7507B4850C2C9C77AB78C2F2DD40 | |||
3204 | cmd.exe | C:\Users\admin\Desktop\5.txt | text | |
MD5:B3B8B01F8B8A5793B853C8079CB8ED65 | SHA256:4AD8BF405B6790B4F97D19F88D9162B4D3A437794E91A8E102941C1DCCD5B891 | |||
2824 | mshta.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\error[1] | html | |
MD5:16AA7C3BEBF9C1B84C9EE07666E3207F | SHA256:7990E703AE060C241EBA6257D963AF2ECF9C6F3FBDB57264C1D48DDA8171E754 | |||
3204 | cmd.exe | C:\Users\admin\Desktop\Rar.exe | executable | |
MD5:FD5EFD73394BA1B411C356FA849BF3F1 | SHA256:8014C516D154A6E17FDF3C40806B775F75B21E18E4047BF1D898A072EE4E3311 | |||
3204 | cmd.exe | C:\Users\admin\Desktop\commercialchat.rtf | text | |
MD5:37123CB34E79CF48107ADC0A7DA0B078 | SHA256:F60773371D982B5648D63C271E2A90FC60853ADAFC915CB820CC4D4BEF39F759 |