Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
05-05-2021 13:07
General
-
Target
BmckepSR.ps1
-
Size
102KB
-
MD5
f7d5a302748c4a9597c27349e3f63fd1
-
SHA1
fcc71d41687fa5f221b25a76ce1df4223b813ffd
-
SHA256
9c6c9115420eb317d294ae65768bb0f65facd77fb3df489a7a8f301808ecfecf
-
SHA512
6a0400bc555f258ee05fddadee852b465ace689fbe08032bd12902c3fd75bb733c58bfed2767174546a27f56ee421445d8cbbc5f7cbfc81d8d8e3fa390806cc1
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\BmckepSR.ps11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1748-59-0x000007FEFB8F1000-0x000007FEFB8F3000-memory.dmpFilesize
8KB
-
memory/1748-60-0x00000000022E0000-0x00000000022E1000-memory.dmpFilesize
4KB
-
memory/1748-61-0x000000001ABD0000-0x000000001ABD1000-memory.dmpFilesize
4KB
-
memory/1748-62-0x0000000002430000-0x0000000002431000-memory.dmpFilesize
4KB
-
memory/1748-63-0x000000001AB50000-0x000000001AB52000-memory.dmpFilesize
8KB
-
memory/1748-64-0x000000001AB54000-0x000000001AB56000-memory.dmpFilesize
8KB
-
memory/1748-65-0x00000000024F0000-0x00000000024F1000-memory.dmpFilesize
4KB
-
memory/1748-66-0x000000001C520000-0x000000001C521000-memory.dmpFilesize
4KB