Overview

overview

1

Static

static

5.ps1

windows7_x64

1

5.ps1

windows10_x64

1

Analysis

  • max time kernel
    73s
  • max time network
    134s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    11-06-2021 00:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5.ps1

  • Size

    2KB

  • MD5

    714f0b2fa3982eb5ce3fb344c7256f59

  • SHA1

    c040cef03005e5b995991e2e4b82ffdabd77c08a

  • SHA256

    4b85ab0412367c7d107e079dd8cb331aa3ce4bd347518256b925977f30a854af

  • SHA512

    fe2071a2b52076d0d86132c7bbff90f6172ea9925bb57458b315c84f1354dbb037b36cfe5ba041f7c0f74ab15d26db96889e0540f8051cf1aad78f9f3066309d

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\5.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1404
    • \??\c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
      "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
    MD5

    2cb3f528286df9feab019e0de2053b6a

    SHA1

    0d5835457f71fd6cdfa45e7280544142e35ad6fc

    SHA256

    bcdaef74a79cde95526e25c52de2623b0e2b2091a304e57db0cd7e640bb08943

    SHA512

    c466148cc9d282d02b5463c2ddd0d28c69a0e1715d4aae3bbf9874d39df6ffbc242f10be9d75b18c71d49626ae4f4bb6886f4955afced091e68590155a79e860

    Download Submit
  • memory/1404-119-0x000001CCEAA30000-0x000001CCEAA31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1404-123-0x000001CCEABE0000-0x000001CCEABE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1404-122-0x000001CCEA020000-0x000001CCEA022000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1404-124-0x000001CCEA023000-0x000001CCEA025000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1404-132-0x000001CCEA026000-0x000001CCEA028000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1404-134-0x000001CCEB040000-0x000001CCEB041000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1404-135-0x000001CCEB3D0000-0x000001CCEB3D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3828-148-0x0000000006992000-0x0000000006993000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3828-152-0x0000000007700000-0x0000000007701000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3828-145-0x00000000010E0000-0x00000000010E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3828-147-0x0000000006990000-0x0000000006991000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3828-149-0x0000000006B80000-0x0000000006B81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3828-150-0x0000000006D20000-0x0000000006D21000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3828-151-0x0000000006E70000-0x0000000006E71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3828-146-0x0000000006FD0000-0x0000000006FD1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3828-153-0x00000000068A0000-0x00000000068A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3828-154-0x0000000008130000-0x0000000008131000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3828-155-0x0000000007DC0000-0x0000000007DC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3828-160-0x00000000088F0000-0x00000000088F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3828-161-0x0000000008290000-0x0000000008291000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3828-162-0x0000000008270000-0x00000000088E8000-memory.dmp
    Filesize

    6.5MB

    Download
  • memory/3828-142-0x0000000000000000-mapping.dmp
    Download