| Field | Value |
|---|---|
| Sample | OpenMe.bat |
| Full analysis | https://app.any.run/tasks/4c09588e-1074-4a6f-ae52-6f2e6d17f4c3 |
| Verdict | Malicious activity |
| Analysis date | November 29, 2020, 17:39:56 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | text/x-msdos-batch |
| File info | DOS batch file, ASCII text, with very long lines |
| MD5 | 997DD0666FF4531F230ECFA1C82A8727 |
| SHA1 | CBB0C985669A028DE0559B20B0815F39AD48415B |
| SHA256 | 90783B1907D0907CEFFE0653C2831D69FBB759B324652ACA890EB5EE07783C23 |
| SSDEEP | 24:qdH7grM8OQzMX8VQiu+5DD9l6eGv9gggggggggnMwRJ7:gmrOrsDfrMI |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 2452 | `cmd /c ""C:\Users\admin\AppData\Local\Temp\OpenMe.bat" "` | C:\Windows\system32\cmd.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 2376 | `REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Zipped /t REG_SZ /d "C:\Users\admin\AppData\Local\Temp\OpenMe.bat" /f` | C:\Windows\system32\reg.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Registry Console Tool; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 1856 | cmd.exe | C:\Windows\system32\cmd.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 848 | cmd.exe | C:\Windows\system32\cmd.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 2924 | cmd.exe | C:\Windows\system32\cmd.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 3348 | cmd.exe | C:\Windows\system32\cmd.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 1984 | cmd.exe | C:\Windows\system32\cmd.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 2352 | cmd.exe | C:\Windows\system32\cmd.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 3400 | cmd.exe | C:\Windows\system32\cmd.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 2112 | cmd.exe | C:\Windows\system32\cmd.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| (PID) Process | Operation | Key | Name | Value |
|---|---|---|---|---|
| (2376) reg.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Zipped | C:\Users\admin\AppData\Local\Temp\OpenMe.bat |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2452 | cmd.exe | C:\Users\admin\AppData\Local\Temp\4ever.txt | text | E2C31B09076A8FCAE00AA69E50862ECF | 7A481A3B036C1D031A087CF91F48D94E768BA7D5B0B37632E690355D8CAA44A2 |
| 2452 | cmd.exe | C:\Users\admin\AppData\Local\Temp\BOOT.txt | text | 0183860601423F836774C3CED36804C7 | 66732DD3C136F1A55105E72D0C5606AFEC1CB00591CD1F33672992A7A2A5B358 |
| 2452 | cmd.exe | C:\Users\admin\AppData\Local\Temp\289616130710814196325452645070916202318262045619914.txt | text | 7E7A9DBFCACF26829EE7B56245B259EA | B9534220073380A00C0219E215582988F0D728664C320B6C073017981F15A479 |
| 2452 | cmd.exe | C:\Users\admin\AppData\Local\Temp\221109751737099432336112372314487168237103173321002.txt | text | 7E7A9DBFCACF26829EE7B56245B259EA | B9534220073380A00C0219E215582988F0D728664C320B6C073017981F15A479 |
| 2452 | cmd.exe | C:\Users\admin\AppData\Local\Temp\323852915229737139681440610834145501657310847221194280.txt | text | 7E7A9DBFCACF26829EE7B56245B259EA | B9534220073380A00C0219E215582988F0D728664C320B6C073017981F15A479 |
| 2452 | cmd.exe | C:\Users\admin\AppData\Local\Temp\2831612012173261017927175563415501268102081647721029.txt | text | 7E7A9DBFCACF26829EE7B56245B259EA | B9534220073380A00C0219E215582988F0D728664C320B6C073017981F15A479 |
| 2452 | cmd.exe | C:\Users\admin\AppData\Local\Temp\2919037871887199492114516385143861390820480118267080.txt | text | 7E7A9DBFCACF26829EE7B56245B259EA | B9534220073380A00C0219E215582988F0D728664C320B6C073017981F15A479 |
| 2452 | cmd.exe | C:\Users\admin\AppData\Local\Temp\29421743315089258464700914438832705220817303117173.txt | text | 7E7A9DBFCACF26829EE7B56245B259EA | B9534220073380A00C0219E215582988F0D728664C320B6C073017981F15A479 |
| 2452 | cmd.exe | C:\Users\admin\AppData\Local\Temp\15594665772825066271681911516692189602887426920491.txt | text | AF4B00A11164EEE54593BEC69B8504C2 | 1B0D86E334E1AF2012F5BEC2236393A7CC6406EDC5FC5BB19014EBBB9C56CE4F |
| 2452 | cmd.exe | C:\Users\admin\AppData\Local\Temp\98342342226181231301882916272247991852528497253772775.txt | text | 7E7A9DBFCACF26829EE7B56245B259EA | B9534220073380A00C0219E215582988F0D728664C320B6C073017981F15A479 |