Windows Analysis Report
WindowsSecurity.bat

Overview

General Information

Sample name: WindowsSecurity.bat
Analysis ID: 1562558
MD5: 05cd39c1bcd36864196ed59fb8ed0fcd
SHA1: 3341bd4190c8433bec8c47345619fe2d91552088
SHA256: b7e134c5fca6d2a835b76d171a49575b4a78873da5bc89d6c2dbd90aa8332738
Tags: batCompilazioneprotetticopyrightuser-JAMESWT_MHT

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain

Classification

AV Detection

Source: https://tvdseo.com/file/Adonis/Adonis_Bot Avira URL Cloud: Label: phishing
Source: WindowsSecurity.bat String found in binary or memory: https://tvdseo.com/file/Adonis/Adonis_Bot
Source: classification engine Classification label: mal48.winBAT@2/0@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7736:120:WilError_03
Source: unknown Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\WindowsSecurity.bat" "
Source: unknown Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\WindowsSecurity.bat" "
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\cmd.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\cmd.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\cmd.exe Section loaded: wldp.dll
Source: C:\Windows\System32\cmd.exe Section loaded: propsys.dll
Source: C:\Windows\System32\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\cmd.exe Section loaded: dlnashext.dll
Source: C:\Windows\System32\cmd.exe Section loaded: wpdshext.dll
Source: C:\Windows\System32\cmd.exe Section loaded: ndfapi.dll
Source: C:\Windows\System32\cmd.exe Section loaded: wdi.dll
Source: C:\Windows\System32\cmd.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\cmd.exe Section loaded: duser.dll
Source: C:\Windows\System32\cmd.exe Section loaded: xmllite.dll
Source: C:\Windows\System32\cmd.exe Section loaded: atlthunk.dll
Source: C:\Windows\System32\cmd.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\cmd.exe Section loaded: textinputframework.dll
Source: C:\Windows\System32\cmd.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\cmd.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\cmd.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\cmd.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\cmd.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\cmd.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\cmd.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
No contacted IP infos