Commit 04930e12 authored by NGUYEN Do Duc Anh's avatar NGUYEN Do Duc Anh

add window file

parent 69a1fbfa
# Configuration
$ProcessName = "mssecsvc"
$ProcessName = "bazzar-24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"
$TargetIpAddress = "10.0.254.255"
$TargetPort = 12346
$SuccessMessage = "TCP connection opened successfully to $TargetIpAddress:$TargetPort."
# Function to open TCP connection
function OpenTcpConnection {
try {
$client = New-Object System.Net.Sockets.TcpClient
$client.Connect($TargetIpAddress, $TargetPort)
Write-Host $SuccessMessage
$client.Close()
} catch {
Write-Host "Failed to open TCP connection: $_"
}
}
# Monitor for the appearance of the specified process
while ($true) {
$process = Get-Process | Where-Object { $_.ProcessName -eq $ProcessName }
if ($process) {
OpenTcpConnection
break
}
Start-Sleep -Seconds 1
}
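Review bot: `OpenTcpConnection` swallows a failed connect and the monitor loop then reaches `break` regardless, so a detection can be lost with nothing retrying the signal to `$TargetIpAddress:$TargetPort`; the same function and loop shape repeat in the two monitor scripts that follow. The function should report success as a boolean, release the socket in a `finally` block so it is closed when `Connect` throws, and the loop should break only when the signal was delivered. Separately, `$ProcessName` is assigned twice at the top; the page does not show which side each line is on, but if both are in the new file only the second value is ever watched and the `mssecsvc` line is dead configuration.

```powershell
function OpenTcpConnection {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($TargetIpAddress, $TargetPort)
        Write-Host $SuccessMessage
        return $true
    } catch {
        Write-Host "Failed to open TCP connection: $_"
        return $false
    } finally {
        $client.Close()
    }
}
# … unchanged: Get-Process lookup inside while ($true) …
    if ($process -and (OpenTcpConnection)) {
        break
    }
```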
# Configuration
$commandToFind = "rundll32.exe C:\\Users\\window7_pc\\Downloads\\NotPetya-mzakyz666-027cc450ef5f8c5f653329641ec1fed9.dll,#1"
$commandToFind = "rundll32.exe c:\\Windows\\NotPetya-mzakyz666-027cc450ef5f8c5f653329641ec1fed9.dll,#1"
$TargetIpAddress = "10.0.254.255"
$TargetPort = 12346
$SuccessMessage = "TCP connection opened successfully to $TargetIpAddress:$TargetPort."
# Function to open TCP connection
function OpenTcpConnection {
try {
$client = New-Object System.Net.Sockets.TcpClient
$client.Connect($TargetIpAddress, $TargetPort)
Write-Host $SuccessMessage
$client.Close()
} catch {
Write-Host "Failed to open TCP connection: $_"
}
}
# Monitor for the appearance of the specified process
while ($true) {
$process = wmic process get CommandLine | Select-String $commandToFind
if ($process) {
OpenTcpConnection
break
}
}
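Review bot: This polling loop has no delay, so it launches `wmic.exe` back-to-back and keeps the analysis VM busy while the sample is being observed; the other two monitors sleep between polls. Add `Start-Sleep -Seconds 1` after the `if` block. `Select-String $commandToFind` also treats the value as a regular expression, so the doubled backslashes are regex escapes and each `.` matches any character; a comment such as `# pattern is a regex: \\ matches one literal backslash` would keep a later editor from "fixing" the path. `$commandToFind` is assigned twice as well, and the page does not show whether both lines are live.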
# Configuration
$ProcessName = "winlogon"
$TargetIpAddress = "10.0.254.255"
$TargetPort = 12347
$SuccessMessage = "TCP connection opened successfully to $TargetIpAddress:$TargetPort."
# Function to open TCP connection
function OpenTcpConnection {
try {
$client = New-Object System.Net.Sockets.TcpClient
$client.Connect($TargetIpAddress, $TargetPort)
Write-Host $SuccessMessage
$client.Close()
} catch {
Write-Host "Failed to open TCP connection: $_"
}
}
# Wait for network connectivity
while (-not (Test-Connection -ComputerName $TargetIpAddress -Count 1 -Quiet)) {
Write-Host "Waiting for network connectivity..."
Start-Sleep -Seconds 5
}
# Monitor for the appearance of the specified process
while ($true) {
$process = Get-Process | Where-Object { $_.ProcessName -eq $ProcessName }
if ($process) {
OpenTcpConnection
break
}
Start-Sleep -Seconds 1
}
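Review bot: The connectivity wait depends on an ICMP echo reply from `$TargetIpAddress` and has no upper bound, so if the collector host does not answer ping the script never reaches the process check even when TCP port 12347 is reachable. Bound the wait with a retry counter, or drop the ping gate and let the TCP connect attempt itself be retried. `winlogon` is normally already running in any logged-on session, so the process loop is expected to fire on its first pass; if the intent is to signal that the host has come back up (inferred from the launcher name `monitor_crash_and_openTCP.ps1`), say so in a header comment like `# Signals the collector once the host is back up and winlogon is present`.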
rundll32.exe c:\Users\window7_pc\Downloads\NotPetya-mzakyz666-027cc450ef5f8c5f653329641ec1fed9.dll,#1
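Review bot: This launch path (`c:\Users\window7_pc\Downloads\…`) agrees with the first `$commandToFind` value in the command-line monitor but not with the second one (`c:\Windows\…`). If the second assignment is the effective one, the monitor's pattern would not match this invocation and no signal would be sent. The page does not show which assignment is live, so confirm that the monitor pattern and this launcher agree, and record the intended pairing in a comment at the top of the monitor script.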
@echo off
powershell -ExecutionPolicy Bypass -File "C:\Users\window7_pc\Desktop\monitor_crash_and_openTCP.ps1"
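Review bot: The script path is hard-coded to one account's desktop (`C:\Users\window7_pc\Desktop\…`), here and in the second launcher that follows, so both break on any VM image with a different user name. If the `.ps1` files are kept beside the launchers, resolving the path relative to the batch file keeps them portable: `powershell -NoProfile -ExecutionPolicy Bypass -File "%~dp0monitor_crash_and_openTCP.ps1"`. `-NoProfile` also keeps a profile script on the VM from altering the monitor's behaviour.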
@echo off
powershell -ExecutionPolicy Bypass -File "C:\Users\window7_pc\Desktop\monitor_and_openTCP.ps1"