Analysis
  max time kernel:   121s
  max time network:  123s
  platform:          windows10_x64
  resource:          win10-en-20211014
  submitted:         05-12-2021 00:17
Static task: static1

Behavioral task: behavioral1
  Sample:   OTSLG.ps1
  Resource: win7-en-20211104

Behavioral task: behavioral2
  Sample:   OTSLG.ps1
  Resource: win10-en-20211014

Behavioral task: behavioral3
  Sample:   dump_stage1.ps1
  Resource: win7-en-20211104

Behavioral task: behavioral4
  Sample:   dump_stage1.ps1
  Resource: win10-en-20211014

Behavioral task: behavioral5
  Sample:   dump_stage2.ps1
  Resource: win7-en-20211104

Behavioral task: behavioral6
  Sample:   dump_stage2.ps1
  Resource: win10-en-20211104
General
  Target: dump_stage1.ps1
  Size:   740KB
  MD5:    5cffb281fe8937f26e4994f8133f7456
  SHA1:   5479ddb635bf9c9a5632955c7d2cd2a6047256df
  SHA256: 3609272795c8f8ba1275959d1457b03f6143efaaf8cd037547cd561e68763237
  SHA512: 12418b348819ae9b9aa1115c19723cd77964273c3b0d07225971756a3ccd1061f0db891911390847d244db3acbf1b268739275a0e3fe2a41407781443a26600e
Malware Config

Signatures
  Suspicious behavior: EnumeratesProcesses (3 IoCs)
    pid   Process
    2480  powershell.exe
    2480  powershell.exe
    2480  powershell.exe

  Suspicious use of AdjustPrivilegeToken (1 IoC)
    description              pid   Process
    Token: SeDebugPrivilege  2480  powershell.exe