File name: | 5.bat |
Full analysis: | https://app.any.run/tasks/54d81a19-197b-42f8-8a4e-bcb1b27109f3 |
Verdict: | Malicious activity |
Analysis date: | June 16, 2019, 05:27:15 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/x-msdos-batch |
File info: | DOS batch file, ASCII text, with CRLF line terminators |
MD5: | 8FEC728C50D4775ECB1E6490109052B1 |
SHA1: | 2E1A92A6671AEF7A5268A96FAED6DC191CD02417 |
SHA256: | A5AE9146FB009435A838109A4C9A688CB79601AF4127B84EB163BCEBC5EF0D4C |
SSDEEP: | 48:dJZk7y4qK3TweGaTweGORTeCBrTJWeG5TJe+NGjWF4cf/FHk:dwZqKjkykORTX8llsjGPHk |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2608 | cmd /c ""C:\Users\admin\Desktop\5.bat" " | C:\Windows\system32\cmd.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3008 | mshta vbscript:createobject("wscript.shell").run("""5.bat"" h",0)(window.close) | C:\Windows\system32\mshta.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft (R) HTML Application host Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
1028 | cmd /c ""C:\Users\admin\Desktop\5.bat" h" | C:\Windows\system32\cmd.exe | mshta.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
1132 | C:\Windows\system32\cmd.exe /c dir h /a-d /b /s *.exe *.jpg *.doc *.rtf | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3004 | C:\Windows\system32\cmd.exe /c "dir /a/s/b/on *.exe *.jpg *.doc *.rtf" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3900 | rar.exe a -hpbu2ebxq0spiqlluux292tjq9y618e8d4xlqecexg -df lucknum-3khhjm.rar 4.txt | C:\Users\admin\Desktop\Rar.exe | — | cmd.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: Command line RAR Exit code: 0 Version: 5.60.0 | ||||
2152 | more +1 1.txt | C:\Windows\system32\more.com | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: More Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3104 | more +1 2.txt | C:\Windows\system32\more.com | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: More Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1900 | more +1 3.txt | C:\Windows\system32\more.com | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: More Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2360 | rar.exe a -hph9wx2mpd2 "5phvf0ms9.rar" "C:\Users\admin\Desktop\blockformat.jpg " | C:\Users\admin\Desktop\Rar.exe | — | cmd.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: Command line RAR Exit code: 0 Version: 5.60.0 |
(PID) Process: | (3008) mshta.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
(PID) Process: | (3008) mshta.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 1 | |||
(PID) Process: | (3660) NOTEPAD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Notepad |
Operation: | write | Name: | iWindowPosX |
Value: 110 | |||
(PID) Process: | (3660) NOTEPAD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Notepad |
Operation: | write | Name: | iWindowPosY |
Value: 110 | |||
(PID) Process: | (3660) NOTEPAD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Notepad |
Operation: | write | Name: | iWindowPosDX |
Value: 960 | |||
(PID) Process: | (3660) NOTEPAD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Notepad |
Operation: | write | Name: | iWindowPosDY |
Value: 501 |
PID | Process | Filename | Type | |
---|---|---|---|---|
1028 | cmd.exe | C:\Users\admin\Desktop\a.tmp | — | |
MD5:— | SHA256:— | |||
1028 | cmd.exe | C:\Users\admin\Desktop\4.txt | text | |
MD5:46CB933FB75DA83A137438319C88B827 | SHA256:91D1A7E9F1840124BDFB58F5E8303BCADDD9C9EBE5483F9FF6E01A140494F6E4 | |||
1028 | cmd.exe | C:\Users\admin\Desktop\2.txt | text | |
MD5:DB7595D008ABF03E8E64C05495060DCD | SHA256:D1450903382C039478532C894D300CECFCBA9278F262A404927564E02363ED2E | |||
1028 | cmd.exe | C:\Users\admin\Desktop\3.txt | text | |
MD5:EB9E02B5C09A5A61D58002E411D63D9F | SHA256:73AAE2D288703ABCE5AD7A23CA043260C243EE10F1BC5E0806C141D94FB64C49 | |||
1028 | cmd.exe | C:\Users\admin\Desktop\1.txt | text | |
MD5:DE57001FBBB55B334E3838D9F38DEFC0 | SHA256:BC4915427B99BCDB6F71B0254E4FC695375BBA42B737B5B52951DE478D7C6DB5 | |||
3900 | Rar.exe | C:\Users\admin\Desktop\lucknum-3khhjm.rar | compressed | |
MD5:BDDF45EF9272B3DC1930EB741C4DD1DC | SHA256:DA3054D46B9EBB3B10E47789274161574E0DB68A241AB1D7FDE81A042F07915D | |||
2360 | Rar.exe | C:\Users\admin\Desktop\5phvf0ms9.rar | compressed | |
MD5:14AC5870E2AEE825B379A0ECE0A4124B | SHA256:2A80EADBCBD2EF9768FFD9EB0FF96895673A5026DA86427530978637EAC3DB80 | |||
1028 | cmd.exe | C:\Users\admin\Desktop\5.txt | text | |
MD5:5D8CB6533DA014CDF59310BBC72C0A85 | SHA256:731A9A9075AD634A1527E0FB85460D63039A54D93F6050CA581C65ABE14366C3 | |||
3008 | mshta.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\error[1] | html | |
MD5:16AA7C3BEBF9C1B84C9EE07666E3207F | SHA256:7990E703AE060C241EBA6257D963AF2ECF9C6F3FBDB57264C1D48DDA8171E754 | |||
2188 | Rar.exe | C:\Users\admin\Desktop\seaiodpqe.rar | compressed | |
MD5:B5C12C7BACB2680881C9CC5422622837 | SHA256:B80860F0B8B716614CF9BF47E9F365208999279CF889B524373B726BF6723D27 |