Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-en-20211104
submitted: 05-12-2021 00:17
Static task: static1
Behavioral task: behavioral1 | Sample: OTSLG.ps1 | Resource: win7-en-20211104
Behavioral task: behavioral2 | Sample: OTSLG.ps1 | Resource: win10-en-20211014
Behavioral task: behavioral3 | Sample: dump_stage1.ps1 | Resource: win7-en-20211104
Behavioral task: behavioral4 | Sample: dump_stage1.ps1 | Resource: win10-en-20211014
Behavioral task: behavioral5 | Sample: dump_stage2.ps1 | Resource: win7-en-20211104
Behavioral task: behavioral6 | Sample: dump_stage2.ps1 | Resource: win10-en-20211104
General
Target: dump_stage2.ps1
Size: 328KB
MD5: 94982d1b3f651eefb0dfe0cae15c99de
SHA1: 7d32816f90fd7a459b00fdaa329488e019cf8cdb
SHA256: 20ba4529c17660f96be2882dbbf520c0388917dd49de1ded22b063af32e35ffe
SHA512: 103f2e9b96394592897417352a75e05aa411ed39b88a7e24c768c9acc20e60f5572b427ee40152e55fc9c205d8a2626901524d2b2768fd439fdae8765b25ad3e
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (1 IoCs)
pid | Process
320 | powershell.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description            | pid | Process
Token: SeDebugPrivilege | 320 | powershell.exe