all InfoSec news
Suspicious batch file
May 1, 2023, 7:31 p.m. | /u/Fine_Conversation_91
cybersecurity www.reddit.com
​
Wondering if anyone has seen something like this:
​
File Name cmd.exe
File Path file:///C%3A/WINDOWS/system32/cmd.exe
Command Line Arguments C:\WINDOWS\system32\cmd.exe /Q /c echo cd ^> \\127.0.0.1\C$\__outputa 2^>^&1 > C:\WINDOWS\SXjBVUay.bat & C:\WINDOWS\system32\cmd.exe /Q /c C:\WINDOWS\SXjBVUay.bat & del C:\WINDOWS\SXjBVUay.bat
We see a lot of computers being flagged with this by Cisco enpoint protection but I cannot locate that file on the computers (probably cause it deletes itself).
​
Any help is appreciated.
amp bat batch cisco command command line computers cybersecurity echo file name path protection windows
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Cloud Security Analyst
@ Cloud Peritus | Bengaluru, India
Cyber Program Manager - CISO- United States – Remote
@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
Network Security Engineer (AEGIS)
@ Peraton | Virginia Beach, VA, United States
SC2022-002065 Cyber Security Incident Responder (NS) - MON 13 May
@ EMW, Inc. | Mons, Wallonia, Belgium
Information Systems Security Engineer
@ Booz Allen Hamilton | USA, GA, Warner Robins (300 Park Pl Dr)