analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| File name: | {f33c3b9b-72af-418a-b3fd-560646f7cda2}.bat |
| Full analysis: | https://app.any.run/tasks/0922be71-0ac5-4226-9b47-6dc02597ec2f |
| Verdict: | Malicious activity |
| Analysis date: | April 25, 2022, 13:22:59 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | text/x-msdos-batch |
| File info: | DOS batch file, ASCII text, with CRLF line terminators |
| MD5: | 1003F1B9BD6D764EB4EAE462F0629B17 |
| SHA1: | E0B7E145B2F21875FB2B6DA56F487A811A255D34 |
| SHA256: | D4D50F14BED8730E32ECDD78FB5DBF049D01A51FEA7FEB7B2A8FDD703330BE46 |
| SSDEEP: | 24:nPXFhPXqhPX4hPXSHWHwsVEs3DsefI3PTP:PPMa1fI/D |
MALICIOUS
Registers / Runs the DLL via REGSVR32.EXE
- cmd.exe (PID: 3056)
SUSPICIOUS
Reads the computer name
- cmd.exe (PID: 3056)
Checks supported languages
- cmd.exe (PID: 3056)
INFO
Checks supported languages
- regsvr32.exe (PID: 3412)
- regsvr32.exe (PID: 3596)
- regsvr32.exe (PID: 1856)
- regsvr32.exe (PID: 3448)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
38
Monitored processes
5
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 3056 | C:\Windows\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\{f33c3b9b-72af-418a-b3fd-560646f7cda2}.bat" " | C:\Windows\system32\cmd.exe | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
| 3448 | regsvr32.exe /s "C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxDH.dll" | C:\Windows\system32\regsvr32.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft(C) Register Server Exit code: 3 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
| 3412 | regsvr32.exe /s "C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxDI.dll" | C:\Windows\system32\regsvr32.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft(C) Register Server Exit code: 3 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
| 1856 | regsvr32.exe /s "C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxLHM.dll" | C:\Windows\system32\regsvr32.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft(C) Register Server Exit code: 3 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
| 3596 | regsvr32.exe /s "C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxexps.dll" | C:\Windows\system32\regsvr32.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft(C) Register Server Exit code: 3 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
Total events
86
Read events
86
Write events
0
Delete events
0
Modification events
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0
Dropped files
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report