| File name: | EasyOs.bat |
| Full analysis: | https://app.any.run/tasks/3d87546b-4189-4ff7-8991-1fda7ed421b8 |
| Verdict: | Malicious activity |
| Analysis date: | January 24, 2022, 18:10:19 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | text/x-msdos-batch |
| File info: | DOS batch file, UTF-8 Unicode text, with CRLF line terminators |
| MD5: | 8B30FB9FAF7563762E1C4D310431A31C |
| SHA1: | B3E056141A01BF91997727FA68F47082B16EED22 |
| SHA256: | B96E13CD40185D50324D4EC3B5E72A483CBFBE0B543D4BE5F1D3B4DF7F82B9D2 |
| SSDEEP: | 192:5xEmtLWPlFVw8FcDCMDEQBej7zfzi4wQ2Rw:5xhtklBcuMDWzfzi4wQ9 |
MALICIOUS
No malicious indicators.SUSPICIOUS
Checks supported languages
- cmd.exe (PID: 2256)
- cmd.exe (PID: 2996)
- cmd.exe (PID: 3332)
- cmd.exe (PID: 3656)
- cmd.exe (PID: 3224)
- cmd.exe (PID: 3732)
- cmd.exe (PID: 2760)
- cmd.exe (PID: 2620)
- cmd.exe (PID: 3988)
- cmd.exe (PID: 3568)
- cmd.exe (PID: 2588)
- cmd.exe (PID: 2496)
- cmd.exe (PID: 2804)
- cmd.exe (PID: 3592)
- cmd.exe (PID: 3020)
- cmd.exe (PID: 2940)
- cmd.exe (PID: 3524)
- cmd.exe (PID: 636)
- cmd.exe (PID: 1600)
- cmd.exe (PID: 3608)
- cmd.exe (PID: 2880)
- cmd.exe (PID: 3244)
- cmd.exe (PID: 188)
- cmd.exe (PID: 1968)
- cmd.exe (PID: 2664)
- cmd.exe (PID: 3044)
- cmd.exe (PID: 3820)
- cmd.exe (PID: 2540)
- cmd.exe (PID: 472)
- cmd.exe (PID: 4076)
- cmd.exe (PID: 2440)
- cmd.exe (PID: 2112)
- cmd.exe (PID: 672)
- cmd.exe (PID: 3668)
- cmd.exe (PID: 2816)
- cmd.exe (PID: 3748)
- cmd.exe (PID: 3304)
- cmd.exe (PID: 3428)
- cmd.exe (PID: 2508)
- cmd.exe (PID: 2152)
- cmd.exe (PID: 1332)
- cmd.exe (PID: 3180)
- cmd.exe (PID: 2696)
- cmd.exe (PID: 492)
- cmd.exe (PID: 1556)
- cmd.exe (PID: 3276)
- cmd.exe (PID: 3776)
- cmd.exe (PID: 3588)
- cmd.exe (PID: 2236)
- cmd.exe (PID: 3980)
- cmd.exe (PID: 2856)
- cmd.exe (PID: 4016)
- cmd.exe (PID: 3028)
- cmd.exe (PID: 3564)
- cmd.exe (PID: 3368)
- cmd.exe (PID: 2572)
- cmd.exe (PID: 2848)
- cmd.exe (PID: 3468)
- cmd.exe (PID: 1124)
- cmd.exe (PID: 2268)
- cmd.exe (PID: 3576)
- cmd.exe (PID: 4084)
- cmd.exe (PID: 3372)
- cmd.exe (PID: 4052)
- cmd.exe (PID: 560)
- cmd.exe (PID: 984)
- cmd.exe (PID: 2296)
- cmd.exe (PID: 2496)
- cmd.exe (PID: 3900)
- cmd.exe (PID: 1444)
- cmd.exe (PID: 2476)
- cmd.exe (PID: 1300)
- cmd.exe (PID: 2388)
- cmd.exe (PID: 2052)
- cmd.exe (PID: 3244)
- cmd.exe (PID: 3688)
- cmd.exe (PID: 1372)
- cmd.exe (PID: 3484)
- cmd.exe (PID: 3420)
- cmd.exe (PID: 2176)
- cmd.exe (PID: 2692)
- cmd.exe (PID: 3820)
- cmd.exe (PID: 1236)
- cmd.exe (PID: 3364)
- cmd.exe (PID: 3248)
- cmd.exe (PID: 964)
- cmd.exe (PID: 3520)
- cmd.exe (PID: 3016)
- cmd.exe (PID: 3588)
- cmd.exe (PID: 3664)
- cmd.exe (PID: 2480)
- cmd.exe (PID: 1588)
- cmd.exe (PID: 2964)
- cmd.exe (PID: 2640)
- cmd.exe (PID: 3816)
- cmd.exe (PID: 3044)
- cmd.exe (PID: 1828)
- cmd.exe (PID: 3556)
- cmd.exe (PID: 4068)
- cmd.exe (PID: 1444)
- cmd.exe (PID: 968)
- cmd.exe (PID: 3936)
- cmd.exe (PID: 2580)
- cmd.exe (PID: 2300)
- cmd.exe (PID: 1800)
- cmd.exe (PID: 996)
- cmd.exe (PID: 1872)
- cmd.exe (PID: 1368)
- cmd.exe (PID: 3548)
- cmd.exe (PID: 3204)
- cmd.exe (PID: 3576)
- cmd.exe (PID: 4040)
- cmd.exe (PID: 2828)
- cmd.exe (PID: 2692)
- cmd.exe (PID: 3056)
- cmd.exe (PID: 3412)
- cmd.exe (PID: 1648)
- cmd.exe (PID: 3764)
- cmd.exe (PID: 2328)
- cmd.exe (PID: 600)
- cmd.exe (PID: 888)
- cmd.exe (PID: 3424)
- cmd.exe (PID: 2312)
- cmd.exe (PID: 2392)
- cmd.exe (PID: 520)
- cmd.exe (PID: 3744)
- cmd.exe (PID: 1408)
- cmd.exe (PID: 3176)
- cmd.exe (PID: 1592)
- cmd.exe (PID: 2536)
- cmd.exe (PID: 3612)
- cmd.exe (PID: 3544)
- cmd.exe (PID: 2952)
- cmd.exe (PID: 2568)
- cmd.exe (PID: 1424)
- cmd.exe (PID: 3080)
- cmd.exe (PID: 832)
- cmd.exe (PID: 1044)
- cmd.exe (PID: 3108)
- cmd.exe (PID: 1600)
- cmd.exe (PID: 3476)
- cmd.exe (PID: 2732)
- cmd.exe (PID: 712)
- cmd.exe (PID: 2664)
- cmd.exe (PID: 3680)
- cmd.exe (PID: 3684)
- cmd.exe (PID: 2480)
- cmd.exe (PID: 1116)
- cmd.exe (PID: 2260)
- cmd.exe (PID: 2960)
- cmd.exe (PID: 3116)
- cmd.exe (PID: 2984)
- cmd.exe (PID: 3852)
- cmd.exe (PID: 2104)
- cmd.exe (PID: 2180)
- cmd.exe (PID: 3164)
- cmd.exe (PID: 492)
- cmd.exe (PID: 880)
- cmd.exe (PID: 3012)
- cmd.exe (PID: 1292)
- cmd.exe (PID: 3284)
- cmd.exe (PID: 3608)
- cmd.exe (PID: 1524)
- cmd.exe (PID: 2492)
- cmd.exe (PID: 2420)
- cmd.exe (PID: 1112)
- cmd.exe (PID: 776)
- cmd.exe (PID: 612)
- cmd.exe (PID: 1096)
- cmd.exe (PID: 516)
- cmd.exe (PID: 572)
- cmd.exe (PID: 2844)
- cmd.exe (PID: 2684)
- cmd.exe (PID: 1128)
- cmd.exe (PID: 3456)
- cmd.exe (PID: 3748)
- cmd.exe (PID: 3560)
- cmd.exe (PID: 2760)
- cmd.exe (PID: 3384)
- cmd.exe (PID: 2620)
- cmd.exe (PID: 3572)
- cmd.exe (PID: 3768)
- cmd.exe (PID: 3580)
- cmd.exe (PID: 672)
- cmd.exe (PID: 2296)
- cmd.exe (PID: 4024)
- cmd.exe (PID: 2128)
- cmd.exe (PID: 968)
- cmd.exe (PID: 3020)
- cmd.exe (PID: 1044)
- cmd.exe (PID: 2144)
- cmd.exe (PID: 2336)
- cmd.exe (PID: 2896)
- cmd.exe (PID: 3776)
- cmd.exe (PID: 3148)
- cmd.exe (PID: 3784)
- cmd.exe (PID: 1372)
- cmd.exe (PID: 3932)
- cmd.exe (PID: 2124)
- cmd.exe (PID: 2720)
- cmd.exe (PID: 2248)
Starts CMD.EXE for commands execution
- cmd.exe (PID: 2256)
Application launched itself
- cmd.exe (PID: 2256)
INFO
No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
235
Monitored processes
201
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 188 | C:\Windows\system32\cmd.exe /S /D /c" echo" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 472 | C:\Windows\system32\cmd.exe /S /D /c" echo" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 492 | C:\Windows\system32\cmd.exe /S /D /c" echo" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 492 | C:\Windows\system32\cmd.exe /S /D /c" set /p="0"" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 516 | C:\Windows\system32\cmd.exe /S /D /c" echo" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 520 | C:\Windows\system32\cmd.exe /S /D /c" set /p="0"" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 560 | C:\Windows\system32\cmd.exe /S /D /c" echo" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 572 | C:\Windows\system32\cmd.exe /S /D /c" set /p="0"" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 600 | C:\Windows\system32\cmd.exe /S /D /c" echo" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 612 | C:\Windows\system32\cmd.exe /S /D /c" set /p="0"" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
Total events
3 217
Read events
3 217
Write events
0
Delete events
0
Modification events
Executable files
0
Suspicious files
0
Text files
3
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2256 | cmd.exe | C:\Users\admin\AppData\Local\Temp\data.txt | text | |
MD5:CE585C6BA32AC17652D2345118536F9C | SHA256:589C942E748EA16DC86923C4391092707CE22315EB01CB85B0988C6762AA0ED3 | |||
| 2256 | cmd.exe | C:\Users\admin\AppData\Local\Temp\Your_Username.txt | text | |
MD5:CE585C6BA32AC17652D2345118536F9C | SHA256:589C942E748EA16DC86923C4391092707CE22315EB01CB85B0988C6762AA0ED3 | |||
| 2256 | cmd.exe | C:\Users\admin\AppData\Local\Temp\Your_Password.txt | text | |
MD5:CE585C6BA32AC17652D2345118536F9C | SHA256:589C942E748EA16DC86923C4391092707CE22315EB01CB85B0988C6762AA0ED3 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report