Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1380:120:WilError_01 |
Source: classification engine | Classification label: sus22.win@4/0@0/0 |
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C 'cmd.exe /S /V:ON /C \'echo off&set d=C:\\Program\' Files\\MySQL\\MySQL Server 8.0\'&FOR /f skip=1 %s in ('wmic service where ^'pathname like %!d:\\=\\\\!%^' get name ^| findstr /r ^.$') do ((for /L %k IN (1,1,20) do wmic service where 'name=%s and started=true' call stopservice | FIND /v \'No Instance>NUL&&timeout\' /t 5 /nobreak>NUL)&sc delete %s>NUL)'' |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /S /V:ON /C \'echo off&set d=C:\\Program\' Files\\MySQL\\MySQL Server 8.0\'&FOR /f skip=1 %s in ('wmic service where ^'pathname like %!d:\\=\\\\!%^' get name ^| findstr /r ^.$') do ((for /L %k IN (1,1,20) do wmic service where 'name=%s and started=true' call stopservice | FIND /v \'No Instance |
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |