This post is part of the series of Practical Malware Analysis Exercises.
The program seemingly did nothing, then spawned a cmd.exe instance to delete itself on disk.
- ProcExp: Nothing interesting.
- RegShot: No registry modifications.
- WireShark: No unusual activity.
- ProcMon: 1783 events for process name Lab03-04.exe
- Created a process at the end to delete itself with the command line:
  "C:\WINDOWS\system32\cmd.exe" /c del C:\DOCUME~1\ADMINI~1\Desktop\Lab03-04.exe >> NUL
The program deletes itself from the hard drive. Presumably it is failing an environment check or missing a required command-line argument.
Next steps: run it with varying arguments, and step through it in a debugger.
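The self-deletion seen here (a child cmd.exe whose `del` target is the parent's own image) is a cheap thing to hunt for across a ProcMon capture. The following is an added example, not code from the original post or from the Practical Malware Analysis book: it parses a constructed ProcMon CSV export (the rows, PIDs and timestamps are made up for the example; the header matches ProcMon's default CSV columns) and flags any Process Create event whose cmd.exe command line deletes the file the parent is running from. Only basenames are compared so that 8.3 short paths such as DOCUME~1 do not hide the match.

```python
import csv
import io
import ntpath
import re

# Constructed ProcMon CSV export (not the lab's real capture); the header
# matches ProcMon's default "File > Save" CSV columns.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:02:11.1234567","Lab03-04.exe","1812","Process Start","","SUCCESS","Parent PID: 1120, Command line: C:\DOCUME~1\ADMINI~1\Desktop\Lab03-04.exe"
"10:02:11.2201234","Lab03-04.exe","1812","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","Desired Access: Read"
"10:02:11.9001234","Lab03-04.exe","1812","Process Create","C:\WINDOWS\system32\cmd.exe","SUCCESS","PID: 1844, Command line: ""C:\WINDOWS\system32\cmd.exe"" /c del C:\DOCUME~1\ADMINI~1\Desktop\Lab03-04.exe >> NUL"
"10:02:12.0101234","notepad.exe","2000","Process Create","C:\WINDOWS\system32\cmd.exe","SUCCESS","PID: 2010, Command line: ""C:\WINDOWS\system32\cmd.exe"" /c del C:\temp\scratch.txt"
'''

# ProcMon puts the child's command line in the Detail column of Process Create.
CMDLINE_RE = re.compile(r"Command line:\s*(.*)$", re.I)
# Target of `del`: everything after the verb, minus a trailing output redirection.
DEL_TARGET_RE = re.compile(r"\bdel\b\s+(.+?)(?:\s*>>?\s*\S+)?\s*$", re.I)


def parse_procmon_csv(text):
    """Parse a ProcMon CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def del_target(cmdline):
    """Return the path a `cmd /c del ...` command line deletes, or None."""
    m = DEL_TARGET_RE.search(cmdline)
    if not m:
        return None
    return m.group(1).strip().strip('"')


def find_self_deletion(events):
    """Flag Process Create events where a child cmd.exe deletes the parent's own image.

    The parent's image name is ProcMon's "Process Name" column; comparing only
    basenames keeps 8.3 short paths (DOCUME~1) from hiding the match.
    """
    findings = []
    for ev in events:
        if ev["Operation"] != "Process Create":
            continue
        if ntpath.basename(ev["Path"]).lower() != "cmd.exe":
            continue
        m = CMDLINE_RE.search(ev["Detail"])
        if not m:
            continue
        cmdline = m.group(1)
        target = del_target(cmdline)
        if target and ntpath.basename(target).lower() == ev["Process Name"].lower():
            findings.append({
                "pid": ev["PID"],
                "process": ev["Process Name"],
                "target": target,
                "cmdline": cmdline,
            })
    return findings


if __name__ == "__main__":
    for f in find_self_deletion(parse_procmon_csv(SAMPLE_CSV)):
        print(f"self-deletion by {f['process']} (PID {f['pid']}): {f['cmdline']}")
```

On the sample above only the Lab03-04.exe row is reported; the notepad.exe row deletes an unrelated file and is left alone. To run it over a real capture, export from ProcMon with File > Save as CSV and pass the file contents to `parse_procmon_csv`.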