27b7acae44aa6de830142fecb1704064e8c681668a1e8fcbda2912f092c6d3eb | Triage

Analysis

max time kernel
122s
max time network
117s
platform
windows10_x64
resource
win10
submitted
13-07-2020 09:39

Sharing

Report Analysis Logs

General

Target

bDwbcJgZ.ps1
Size

10KB
MD5

87ead981b3a26e0aad8b780a6f4de511
SHA1

05d8b754617e1972671ce2099e3afdf6efd210d0
SHA256

27b7acae44aa6de830142fecb1704064e8c681668a1e8fcbda2912f092c6d3eb
SHA512

00e38b6bc634e3f68b7e47f6d1adcdebee288d12688c74af6c18496cddbd0e74ecbc5cbcfd73bda8566842c9094d86a90484d406ee48d117561e833ab2521363

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 3236 powershell.exe
Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

powershell.exe

pid process

3236 powershell.exe
3236 powershell.exe
3236 powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\bDwbcJgZ.ps1
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:3236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...