File name: EasyOs.bat
Full analysis: https://app.any.run/tasks/b74a5ded-1afc-4cd7-8169-1548ce0a22f3
Verdict: Malicious activity
Analysis date: January 24, 2022, 18:08:02
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: text/x-msdos-batch
File info: DOS batch file, UTF-8 Unicode text, with CRLF line terminators
MD5: 8B30FB9FAF7563762E1C4D310431A31C
SHA1: B3E056141A01BF91997727FA68F47082B16EED22
SHA256: B96E13CD40185D50324D4EC3B5E72A483CBFBE0B543D4BE5F1D3B4DF7F82B9D2
SSDEEP: 192:5xEmtLWPlFVw8FcDCMDEQBej7zfzi4wQ2Rw:5xhtklBcuMDWzfzi4wQ9
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Exit code | Version
---|---|---|---|---|---|---|---|---|---|---
3004 | C:\Windows\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\EasyOs.bat" " | C:\Windows\system32\cmd.exe | — | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | Windows Command Processor | | 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3080 | C:\Windows\system32\cmd.exe /S /D /c" echo" | C:\Windows\system32\cmd.exe | — | cmd.exe | admin | Microsoft Corporation | MEDIUM | Windows Command Processor | 0 | 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3372 | C:\Windows\system32\cmd.exe /S /D /c" set /p="0"" | C:\Windows\system32\cmd.exe | — | cmd.exe | admin | Microsoft Corporation | MEDIUM | Windows Command Processor | 1 | 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3436 | C:\Windows\system32\cmd.exe /S /D /c" echo" | C:\Windows\system32\cmd.exe | — | cmd.exe | admin | Microsoft Corporation | MEDIUM | Windows Command Processor | 0 | 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3476 | C:\Windows\system32\cmd.exe /S /D /c" set /p="0"" | C:\Windows\system32\cmd.exe | — | cmd.exe | admin | Microsoft Corporation | MEDIUM | Windows Command Processor | 1 | 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3624 | C:\Windows\system32\cmd.exe /S /D /c" echo" | C:\Windows\system32\cmd.exe | — | cmd.exe | admin | Microsoft Corporation | MEDIUM | Windows Command Processor | 0 | 6.1.7601.17514 (win7sp1_rtm.101119-1850)
1228 | C:\Windows\system32\cmd.exe /S /D /c" set /p="0"" | C:\Windows\system32\cmd.exe | — | cmd.exe | admin | Microsoft Corporation | MEDIUM | Windows Command Processor | 1 | 6.1.7601.17514 (win7sp1_rtm.101119-1850)
1516 | C:\Windows\system32\cmd.exe /S /D /c" echo" | C:\Windows\system32\cmd.exe | — | cmd.exe | admin | Microsoft Corporation | MEDIUM | Windows Command Processor | 0 | 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3072 | C:\Windows\system32\cmd.exe /S /D /c" set /p="0"" | C:\Windows\system32\cmd.exe | — | cmd.exe | admin | Microsoft Corporation | MEDIUM | Windows Command Processor | 1 | 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3840 | C:\Windows\system32\cmd.exe /S /D /c" echo" | C:\Windows\system32\cmd.exe | — | cmd.exe | admin | Microsoft Corporation | MEDIUM | Windows Command Processor | 0 | 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3004 | cmd.exe | C:\Users\admin\AppData\Local\Temp\Your_Username.txt | text | CE585C6BA32AC17652D2345118536F9C | 589C942E748EA16DC86923C4391092707CE22315EB01CB85B0988C6762AA0ED3
3004 | cmd.exe | C:\Users\admin\AppData\Local\Temp\data.txt | text | CE585C6BA32AC17652D2345118536F9C | 589C942E748EA16DC86923C4391092707CE22315EB01CB85B0988C6762AA0ED3
3004 | cmd.exe | C:\Users\admin\AppData\Local\Temp\Your_Password.txt | text | CE585C6BA32AC17652D2345118536F9C | 589C942E748EA16DC86923C4391092707CE22315EB01CB85B0988C6762AA0ED3