c22a6401a415fe642f3d96f38a887dd8ad23dd83a9255ee89d9adf4650ab98da

Analysis

Target

bm.ps1
Size

915KB
MD5

001bfe6f72fe64660ba498107c658bdc
SHA1

0946baf23e867f2564302b60f777db72a1244a30
SHA256

c22a6401a415fe642f3d96f38a887dd8ad23dd83a9255ee89d9adf4650ab98da
SHA512

32836eff8285a5a301be0b4410d34a73d99d4c04b38b0b67b937c1bc5ae6ab2d033a97089b6588c245371dfd8e95c420c8bbd3862a632a828122861e0ec839d3

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1868	powershell.exe
Token: SeDebugPrivilege	1616	powershell.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 1616	1868	powershell.exe	29
PID 1868 wrote to memory of 1616	1868	powershell.exe	29
PID 1868 wrote to memory of 1616	1868	powershell.exe	29
PID 1868 wrote to memory of 1616	1868	powershell.exe	29

memory/1616-62-0x0000000075731000-0x0000000075733000-memory.dmp

Filesize
8KB

Download
memory/1616-63-0x00000000022F0000-0x0000000002F3A000-memory.dmp

Filesize
12.3MB

Download
memory/1616-64-0x00000000022F0000-0x0000000002F3A000-memory.dmp

Filesize
12.3MB

Download
memory/1868-55-0x000007FEFBE91000-0x000007FEFBE93000-memory.dmp

Filesize
8KB

Download
memory/1868-56-0x000007FEF28B0000-0x000007FEF340D000-memory.dmp

Filesize
11.4MB

Download
memory/1868-57-0x0000000002800000-0x0000000002802000-memory.dmp

Filesize
8KB

Download
memory/1868-58-0x0000000002802000-0x0000000002804000-memory.dmp

Filesize
8KB

Download
memory/1868-59-0x0000000002804000-0x0000000002807000-memory.dmp

Filesize
12KB

Download
memory/1868-60-0x000000000280B000-0x000000000282A000-memory.dmp

Filesize
124KB

Download