Analysis

  • max time kernel
    5s
  • max time network
    9s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    21-11-2020 03:41

General

  • Target

    cleartemp.ps1

  • Size

    146KB

  • MD5

    d37fc91fc835071a3438abe832fe8583

  • SHA1

    f48e6bf381bbbaf9dccfd5803435aee862a64d45

  • SHA256

    0b07889a65e837600a28ae2df7c2fe6aa5a5cb93440e013139d7c0829a603599

  • SHA512

    411a42662eb54e9506e98d6e5e695aec58efbc2186f34764859f21824945659d20b82240836d6f36143448fd606a0aff69d1d2263189f9892b42c728d385f39b

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\cleartemp.ps1
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1700
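The process entry above shows the invocation pattern worth a detection rule regardless of this sample's 1/10 verdict: `powershell.exe -ExecutionPolicy bypass -File <path under AppData\Local\Temp>`. The same invocation is used by administrative cleanup scripts and by loaders, so the rule should score the combination rather than either flag alone. The Python below is an added example, not part of the Triage report or of the analysed script; the process-creation records are constructed for the example (only the first mirrors the report's entry), and it deliberately handles two details a naive string match misses: powershell.exe accepts any unambiguous prefix of a parameter name (`-ex`, `-exec`) plus the documented short forms `-ep` and `-f`, and matching is case-insensitive.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Process-creation records in the shape of the report's "Processes" entry.
# Constructed for this example; only the first mirrors the sandbox run.
SAMPLE_EVENTS = [
    {"pid": 1700,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\cleartemp.ps1"},
    {"pid": 2044,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r'powershell.exe -nop -w hidden -ep Bypass -f "C:\Users\Public\run me.ps1"'},
    {"pid": 2210,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r'powershell.exe -ExecutionPolicy RemoteSigned -File "C:\Program Files\Vendor\maint.ps1"'},
    {"pid": 2388,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -NoProfile -Command Get-Process"},
]

# Windows command lines: double-quoted tokens may contain spaces.
_TOKEN = re.compile(r'"[^"]*"|\S+')
# Directories any interactive user can write to; scripts launched from
# here are more interesting than scripts under Program Files or System32.
_USER_WRITABLE = re.compile(
    r'\\(AppData\\Local\\Temp|Windows\\Temp|Users\\Public|ProgramData)\\', re.I)


def tokenize(command_line: str) -> list:
    return [t.strip('"') for t in _TOKEN.findall(command_line)]


def is_param(tok: str, full_name: str, aliases=()) -> bool:
    """powershell.exe resolves any unambiguous prefix of a parameter name
    (-ex, -exec, -executionpolicy) case-insensitively, plus documented
    short forms such as -ep and -f.  A one-letter prefix is rejected
    because -e means -EncodedCommand, not -ExecutionPolicy."""
    if not tok.startswith(("-", "/")):
        return False
    name = tok[1:].lower()
    return name in aliases or (len(name) >= 2 and full_name.startswith(name))


@dataclass
class Finding:
    pid: int
    execution_policy: Optional[str]
    script: Optional[str]
    reasons: tuple


def analyze(event: dict) -> Finding:
    """Extract the effective execution policy and -File target from one
    process-creation record and list the reasons it looks suspicious."""
    policy = script = None
    if not event["image"].lower().endswith(("powershell.exe", "pwsh.exe")):
        return Finding(event["pid"], None, None, ())
    toks = tokenize(event["command_line"])
    for i, tok in enumerate(toks):
        nxt = toks[i + 1] if i + 1 < len(toks) else None
        if is_param(tok, "executionpolicy", aliases=("ep",)) and nxt:
            policy = nxt.lower()
        elif is_param(tok, "file", aliases=("f",)) and nxt:
            script = nxt
    reasons = []
    if policy in ("bypass", "unrestricted"):
        reasons.append(f"execution policy set to {policy}")
    if script and _USER_WRITABLE.search(script):
        reasons.append("script launched from a user-writable directory")
    return Finding(event["pid"], policy, script, tuple(reasons))


def triage(events, min_reasons: int = 2) -> list:
    """Return findings that meet the reason threshold; requiring both
    signals avoids flagging every signed admin script that uses -File."""
    return [f for f in (analyze(e) for e in events) if len(f.reasons) >= min_reasons]


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding.pid, finding.script, "; ".join(finding.reasons))
```

With the constructed records, PIDs 1700 and 2044 are flagged (policy bypass and a script under Temp or Users\Public), while the RemoteSigned run from Program Files and the plain `-Command` invocation are not. The threshold is the tuning knob: lowering `min_reasons` to 1 turns this into an inventory of every policy bypass, which is useful for a baseline but noisy as an alert.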

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1700-0-0x000007FEF58B0000-0x000007FEF629C000-memory.dmp
    Filesize

    9.9MB

  • memory/1700-1-0x00000000023B0000-0x00000000023B1000-memory.dmp
    Filesize

    4KB

  • memory/1700-2-0x000000001AA80000-0x000000001AA81000-memory.dmp
    Filesize

    4KB

  • memory/1700-3-0x0000000002490000-0x0000000002491000-memory.dmp
    Filesize

    4KB

  • memory/1700-4-0x0000000001DD0000-0x0000000001DD1000-memory.dmp
    Filesize

    4KB

  • memory/1700-5-0x000000001B8D0000-0x000000001B8D1000-memory.dmp
    Filesize

    4KB