Analysis

  • max time kernel
    12s
  • max time network
    115s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    10-06-2021 23:21

General

  • Target
    2.ps1
  • Size
    2KB
  • MD5
    5798c853ffa7703ed05c1bef5649ff35
  • SHA1
    71663e8f0b867df83f14f9b1068f07d7856c51eb
  • SHA256
    c935b69cc2be264c92368f9f0649608b58932e23db815ca24a1a1adb19cb0c8f
  • SHA512
    3b46f6799a83f343f2bf79762a4841508180cf94e36200ea99bf0ee422f0000b49cd09bb68189be34dd39b513890c09fd0f98a0a7eb8e407d7e8f67d499235cc

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (PID: 852)
    Command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\2.ps1
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Matrix


Downloads

  • memory/852-118-0x00000223BB0B0000-0x00000223BB0B1000-memory.dmp
    Filesize: 4KB
  • memory/852-121-0x00000223BB3D0000-0x00000223BB3D1000-memory.dmp
    Filesize: 4KB
  • memory/852-122-0x00000223BB140000-0x00000223BB142000-memory.dmp
    Filesize: 8KB
  • memory/852-123-0x00000223BB143000-0x00000223BB145000-memory.dmp
    Filesize: 8KB
  • memory/852-134-0x00000223BB146000-0x00000223BB148000-memory.dmp
    Filesize: 8KB