Analysis
- max time kernel: 150s
- max time network: 35s
- platform: windows7_x64
- resource: win7-en-20210920
- submitted: 04-10-2021 06:48

Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: c7d5ea3b83db855d97ce4df784f5c7556bae16f3297ae9399f5a14d686a1dbc7.ps1
- Resource: win7-en-20210920 (windows7_x64)
- 0 signatures
- 0 seconds
General
- Target: c7d5ea3b83db855d97ce4df784f5c7556bae16f3297ae9399f5a14d686a1dbc7.ps1
- Size: 2.2MB
- MD5: 438f192c7282265b78ea831b779a5635
- SHA1: 0197c04c82a4ab39ec6a914be4b533eacfc6c3b4
- SHA256: c7d5ea3b83db855d97ce4df784f5c7556bae16f3297ae9399f5a14d686a1dbc7
- SHA512: 7009dd62daf3c710766323fbe06bc779e2ca09d741bd84980a8b31ff30c7fdd9d05d9280730df633618c4e79c9ad44c57b81ade62283e91da669061afdebb6d5
- Score: 1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  Processes:
    pid 1756  powershell.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes:
    description: Token: SeDebugPrivilege  pid 1756  powershell.exe
Processes
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  Command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\c7d5ea3b83db855d97ce4df784f5c7556bae16f3297ae9399f5a14d686a1dbc7.ps1
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- memory/1756-53-0x000007FEFC4F1000-0x000007FEFC4F3000-memory.dmp (Filesize: 8KB)
- memory/1756-55-0x00000000027A0000-0x00000000027A2000-memory.dmp (Filesize: 8KB)
- memory/1756-56-0x00000000027A2000-0x00000000027A4000-memory.dmp (Filesize: 8KB)
- memory/1756-57-0x00000000027A4000-0x00000000027A7000-memory.dmp (Filesize: 12KB)
- memory/1756-54-0x000007FEF23E0000-0x000007FEF2F3D000-memory.dmp (Filesize: 11.4MB)
- memory/1756-58-0x000000001B720000-0x000000001BA1F000-memory.dmp (Filesize: 3.0MB)
- memory/1756-59-0x00000000027AB000-0x00000000027CA000-memory.dmp (Filesize: 124KB)