Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    21-11-2020 03:41

General

  • Target
    cleartemp.ps1
  • Size
    146KB
  • MD5
    d37fc91fc835071a3438abe832fe8583
  • SHA1
    f48e6bf381bbbaf9dccfd5803435aee862a64d45
  • SHA256
    0b07889a65e837600a28ae2df7c2fe6aa5a5cb93440e013139d7c0829a603599
  • SHA512
    411a42662eb54e9506e98d6e5e695aec58efbc2186f34764859f21824945659d20b82240836d6f36143448fd606a0aff69d1d2263189f9892b42c728d385f39b

Score
8/10

Malware Config

Signatures

  • Blacklisted process makes network request (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (7 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    Command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\cleartemp.ps1
    PID: 416
    • Blacklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow

Network

MITRE ATT&CK Matrix

Downloads

  • memory/416-0-0x00007FF9A85B0000-0x00007FF9A8F9C000-memory.dmp
    Filesize: 9.9MB
  • memory/416-1-0x00000235D6440000-0x00000235D6441000-memory.dmp
    Filesize: 4KB
  • memory/416-2-0x00000235D65F0000-0x00000235D65F1000-memory.dmp
    Filesize: 4KB