Automated Malware Analysis IOC Report for

Path

Cmdline

Malicious

C:\Windows\System32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\WindowsSecurity.bat" "

Details

Is windows:	true
Is dropped:	false
PID:	7720
Target ID:	0
Parent PID:	3968
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\WindowsSecurity.bat" "
Size:	289792
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
Time:	11:59:57
Date:	25/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff75bf10000
Modulesize:	421888
Wow64:	false

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	7736
Target ID:	2
Parent PID:	7720
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	11:59:57
Date:	25/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff620390000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Name

IP

Malicious

https://tvdseo.com/file/Adonis/Adonis_Bot

unknown

Path

Value

Malicious

HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB

@%SystemRoot%\System32\ndfapi.dll,-40001

IOC Report
WindowsSecurity.bat