Analysis
-
max time kernel
5s -
max time network
11s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
10-06-2021 23:21
General
-
Target
2.ps1
-
Size
2KB
-
MD5
5798c853ffa7703ed05c1bef5649ff35
-
SHA1
71663e8f0b867df83f14f9b1068f07d7856c51eb
-
SHA256
c935b69cc2be264c92368f9f0649608b58932e23db815ca24a1a1adb19cb0c8f
-
SHA512
3b46f6799a83f343f2bf79762a4841508180cf94e36200ea99bf0ee422f0000b49cd09bb68189be34dd39b513890c09fd0f98a0a7eb8e407d7e8f67d499235cc
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\2.ps11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/308-62-0x000000001AB90000-0x000000001AB91000-memory.dmpFilesize
4KB
-
memory/308-61-0x0000000002380000-0x0000000002381000-memory.dmpFilesize
4KB
-
memory/308-60-0x000007FEFC661000-0x000007FEFC663000-memory.dmpFilesize
8KB
-
memory/308-63-0x0000000002520000-0x0000000002521000-memory.dmpFilesize
4KB
-
memory/308-64-0x0000000002650000-0x0000000002651000-memory.dmpFilesize
4KB
-
memory/308-65-0x000000001AB10000-0x000000001AB12000-memory.dmpFilesize
8KB
-
memory/308-66-0x000000001AB14000-0x000000001AB16000-memory.dmpFilesize
8KB
-
memory/308-67-0x0000000002690000-0x0000000002691000-memory.dmpFilesize
4KB
-
memory/308-70-0x000000001A960000-0x000000001A961000-memory.dmpFilesize
4KB
-
memory/308-82-0x000000001A9C0000-0x000000001A9C1000-memory.dmpFilesize
4KB
-
memory/308-83-0x000000001A9D0000-0x000000001A9D1000-memory.dmpFilesize
4KB
-
memory/308-84-0x000000001AB1A000-0x000000001AB39000-memory.dmpFilesize
124KB