Overview

overview

10

Static

static

10

virus11.ps1

windows7_x64

8

virus11.ps1

windows10_x64

10

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    03-05-2021 14:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    virus11.ps1

  • Size

    14KB

  • MD5

    102f6e180a2f67c7cff24e4e47e319e3

  • SHA1

    413906407b384e6a2221c31631271686dd4dc8fd

  • SHA256

    1ec71f936075a6b54858d0ca24538bfe6e74c1f37eec5d9ee065f5ebe12d5ab5

  • SHA512

    589f74c995c9277a54b63b9d7111afd7f85aa535e4b99f02710c8ce333364a4cfd79019809814706de8cdcb88b95c14292c69c1e3a42154e08e4363fd7400128

Score
8/10
persistence

Malware Config

Signatures

  • Blocklisted process makes network request 12 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\virus11.ps1
    1⤵
    • Blocklisted process makes network request
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1748

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1748-59-0x000007FEFB8F1000-0x000007FEFB8F3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1748-60-0x0000000001DE0000-0x0000000001DE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1748-61-0x000000001AD20000-0x000000001AD21000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1748-62-0x00000000022F0000-0x00000000022F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1748-63-0x0000000000510000-0x0000000000511000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1748-64-0x000000001ACA0000-0x000000001ACA2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1748-65-0x000000001ACA4000-0x000000001ACA6000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1748-66-0x000000001ABB0000-0x000000001ABB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1748-67-0x000000001B7F0000-0x000000001B7F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1748-68-0x0000000002700000-0x0000000002701000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1748-71-0x000000001AA30000-0x000000001AA31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1748-83-0x000000001A9E0000-0x000000001A9E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1748-84-0x000000001AC40000-0x000000001AC41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1748-85-0x000000001ACAA000-0x000000001ACC9000-memory.dmp
    Filesize

    124KB

    Download