File name: daddylivehd.cmd

Full analysis: https://app.any.run/tasks/04d2bdf3-be7f-42a5-8492-bd8da61893c0
Verdict: Malicious activity
Analysis date: January 15, 2024, 16:02:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/x-msdos-batch
File info: DOS batch file, ASCII text, with CRLF line terminators
MD5: DD628C44FEF02AF6A8F628EFD4859830
SHA1: 672B11188AEDA407EC28E0417C1DC6C945DB826D
SHA256: DE1356040B34A721146B96992608699DA9AEE75BEA33589F0D227C58711E6D80
SSDEEP: 6:hCSF4WPJyWjDauSHoJWdSOKMR0OPQvACHFdAROlYGR9CHFi/lgsezXJDhz1oA4da:LgWRJspQLbS7w/ozX/1d4NXw4G

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Starts CMD.EXE for commands execution
      • cmd.exe (PID: 2044)
    • Application launched itself
      • cmd.exe (PID: 2044)
  • INFO
    No info indicators.
No Malware configuration.
No data.
Total processes: 59
Monitored processes: 14
Malicious processes: 1
Suspicious processes: 0


Process information

Table columns: PID, CMD, Path, Indicators, Parent process (followed by per-process details and loaded modules).
PID: 316
CMD: cmd /c "echo https://ddh3.hlsjs.ru/ddh3/premium/tracks-v1a1/mono.m3u8 && mpv --http-header-fields="Referer: https://weblivehdplay.ru/" "https://ddh3.hlsjs.ru/ddh3/premium/tracks-v1a1/mono.m3u8" --msg-level=ffmpeg=v"
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 392
CMD: cmd /c "echo https://fls.hlsjs.ru/fls/premium/tracks-v1a1/mono.m3u8 && mpv --http-header-fields="Referer: https://weblivehdplay.ru/" "https://fls.hlsjs.ru/fls/premium/tracks-v1a1/mono.m3u8" --msg-level=ffmpeg=v"
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 572
CMD: cmd /c "echo https://ddh4.hlsjs.ru/ddh4/premium/tracks-v1a1/mono.m3u8 && mpv --http-header-fields="Referer: https://weblivehdplay.ru/" "https://ddh4.hlsjs.ru/ddh4/premium/tracks-v1a1/mono.m3u8" --msg-level=ffmpeg=v"
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 1216
CMD: cmd /c "echo https://ddy5.hlsjs.ru/ddy5/premium/tracks-v1a1/mono.m3u8 && mpv --http-header-fields="Referer: https://weblivehdplay.ru/" "https://ddy5.hlsjs.ru/ddy5/premium/tracks-v1a1/mono.m3u8" --msg-level=ffmpeg=v"
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 1392
CMD: cmd /c "echo https://ddy3.hlsjs.ru/ddy3/premium/tracks-v1a1/mono.m3u8 && mpv --http-header-fields="Referer: https://weblivehdplay.ru/" "https://ddy3.hlsjs.ru/ddy3/premium/tracks-v1a1/mono.m3u8" --msg-level=ffmpeg=v"
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 1404
CMD: cmd /c "echo https://sky.hlsjs.ru/sky/premium/tracks-v1a1/mono.m3u8 && mpv --http-header-fields="Referer: https://weblivehdplay.ru/" "https://sky.hlsjs.ru/sky/premium/tracks-v1a1/mono.m3u8" --msg-level=ffmpeg=v"
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 1596
CMD: cmd /c "echo https://ddh5.hlsjs.ru/ddh5/premium/tracks-v1a1/mono.m3u8 && mpv --http-header-fields="Referer: https://weblivehdplay.ru/" "https://ddh5.hlsjs.ru/ddh5/premium/tracks-v1a1/mono.m3u8" --msg-level=ffmpeg=v"
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 1632
CMD: cmd /c "echo https://ddy4.hlsjs.ru/ddy4/premium/tracks-v1a1/mono.m3u8 && mpv --http-header-fields="Referer: https://weblivehdplay.ru/" "https://ddy4.hlsjs.ru/ddy4/premium/tracks-v1a1/mono.m3u8" --msg-level=ffmpeg=v"
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 2020
CMD: cmd /c "echo https://ddh2.hlsjs.ru/ddh2/premium/tracks-v1a1/mono.m3u8 && mpv --http-header-fields="Referer: https://weblivehdplay.ru/" "https://ddh2.hlsjs.ru/ddh2/premium/tracks-v1a1/mono.m3u8" --msg-level=ffmpeg=v"
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 2032
CMD: cmd /c "echo https://ddy1.hlsjs.ru/ddy1/premium/tracks-v1a1/mono.m3u8 && mpv --http-header-fields="Referer: https://weblivehdplay.ru/" "https://ddy1.hlsjs.ru/ddy1/premium/tracks-v1a1/mono.m3u8" --msg-level=ffmpeg=v"
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

Total events: 353
Read events: 351
Write events: 2
Delete events: 0

Modification events

Process: dllhost.exe (PID 2300)
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: Explorer.EXE

Process: dllhost.exe (PID 2300)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows Photo Viewer\Viewer
Operation: write
Name: MainWndPos
Value: 6000000034000000A00400008002000000000000

Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

No data
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID   Process      IP                   Domain  ASN  CN  Reputation
4     System       192.168.100.255:137  -       -    -   whitelisted
1080  svchost.exe  224.0.0.252:5355     -       -    -   unknown
4     System       192.168.100.255:138  -       -    -   whitelisted

DNS requests

No data

Threats

No threats detected
No debug info