Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-en-20211104 -
submitted
05-12-2021 00:17
General
-
Target
dump_stage2.ps1
-
Size
328KB
-
MD5
94982d1b3f651eefb0dfe0cae15c99de
-
SHA1
7d32816f90fd7a459b00fdaa329488e019cf8cdb
-
SHA256
20ba4529c17660f96be2882dbbf520c0388917dd49de1ded22b063af32e35ffe
-
SHA512
103f2e9b96394592897417352a75e05aa411ed39b88a7e24c768c9acc20e60f5572b427ee40152e55fc9c205d8a2626901524d2b2768fd439fdae8765b25ad3e
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\dump_stage2.ps11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/320-55-0x000007FEFC291000-0x000007FEFC293000-memory.dmpFilesize
8KB
-
memory/320-56-0x000007FEF2B40000-0x000007FEF369D000-memory.dmpFilesize
11.4MB
-
memory/320-57-0x0000000002990000-0x0000000002992000-memory.dmpFilesize
8KB
-
memory/320-58-0x0000000002992000-0x0000000002994000-memory.dmpFilesize
8KB
-
memory/320-59-0x0000000002994000-0x0000000002997000-memory.dmpFilesize
12KB
-
memory/320-60-0x000000000299B000-0x00000000029BA000-memory.dmpFilesize
124KB
-
memory/320-61-0x00000000029BC000-0x00000000029BD000-memory.dmpFilesize
4KB