Analysis
-
max time kernel
7s -
max time network
44s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
30-08-2021 05:57
General
-
Target
dhl/dhl/vendor/composer/ClassLoader.php.ps1
-
Size
13KB
-
MD5
a0899dd7d97c25fe1d872a542afa6081
-
SHA1
886347a1ce3d2843dd58a5b2a96d894b330bcf84
-
SHA256
e4fc4d4487a4d766d3ef14606fa0d8ff09dd7f3f0885425803d7aa7fc68e2c3d
-
SHA512
6d630ae5c62bd43ae490e02b0e1eab6f9a4b92364b617e0dbb4404ff11bc33db238568dcc3df9d8de616f191109853bf9d9a408030f1252fa7e420e5321227af
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\dhl\dhl\vendor\composer\ClassLoader.php.ps11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/468-60-0x000007FEFB531000-0x000007FEFB533000-memory.dmpFilesize
8KB
-
memory/468-61-0x0000000001DC0000-0x0000000001DC1000-memory.dmpFilesize
4KB
-
memory/468-62-0x000000001AB30000-0x000000001AB31000-memory.dmpFilesize
4KB
-
memory/468-63-0x00000000025A0000-0x00000000025A1000-memory.dmpFilesize
4KB
-
memory/468-64-0x000000001A900000-0x000000001A902000-memory.dmpFilesize
8KB
-
memory/468-65-0x000000001A904000-0x000000001A906000-memory.dmpFilesize
8KB
-
memory/468-66-0x00000000025D0000-0x00000000025D1000-memory.dmpFilesize
4KB