Overview

overview

10

Static

static

OTSLG.ps1

windows7_x64

5

OTSLG.ps1

windows10_x64

10

dump_stage1.ps1

windows7_x64

5

dump_stage1.ps1

windows10_x64

1

dump_stage2.ps1

windows7_x64

1

dump_stage2.ps1

windows10_x64

3

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    05-12-2021 00:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dump_stage1.ps1

  • Size

    740KB

  • MD5

    5cffb281fe8937f26e4994f8133f7456

  • SHA1

    5479ddb635bf9c9a5632955c7d2cd2a6047256df

  • SHA256

    3609272795c8f8ba1275959d1457b03f6143efaaf8cd037547cd561e68763237

  • SHA512

    12418b348819ae9b9aa1115c19723cd77964273c3b0d07225971756a3ccd1061f0db891911390847d244db3acbf1b268739275a0e3fe2a41407781443a26600e

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\dump_stage1.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2480-116-0x000001CA65AE0000-0x000001CA65AE2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2480-115-0x000001CA65AE0000-0x000001CA65AE2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2480-117-0x000001CA65AE0000-0x000001CA65AE2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2480-118-0x000001CA65AE0000-0x000001CA65AE2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2480-119-0x000001CA65AE0000-0x000001CA65AE2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2480-120-0x000001CA008D0000-0x000001CA008D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2480-121-0x000001CA65AE0000-0x000001CA65AE2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2480-122-0x000001CA65AE0000-0x000001CA65AE2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2480-123-0x000001CA00A80000-0x000001CA00A81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2480-124-0x000001CA7F8D0000-0x000001CA7F8D2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2480-125-0x000001CA7F8D3000-0x000001CA7F8D5000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2480-126-0x000001CA65AE0000-0x000001CA65AE2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2480-134-0x000001CA7F8D6000-0x000001CA7F8D8000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2480-157-0x000001CA7F8D8000-0x000001CA7F8D9000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2480-160-0x000001CA65AE0000-0x000001CA65AE2000-memory.dmp
    Filesize

    8KB

    Download