srv.ps1
General
Target: srv.ps1
Filesize: 3MB
Completed: 19-01-2022 11:29
Score: 1/10
MD5: bdfc70e3237617d7a4509e9a857234eb
SHA1: 7b1e093f630ded929fefe02c554d09a1a9d13c54
SHA256: d96de808e92e4d42e93180be95ec52fbe490c506cd839365e71cb7168df6bfbd
Signatures (2)
- Suspicious behavior: EnumeratesProcesses (powershell.exe)
  Reported IOCs: pid 1588, process powershell.exe
- Suspicious use of AdjustPrivilegeToken (powershell.exe)
  Reported IOCs: description Token: SeDebugPrivilege, pid 1588, process powershell.exe
Processes (1)
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  Command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\srv.ps1
  Signatures: Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
Downloads
- memory/1588-54-0x000007FEFBC11000-0x000007FEFBC13000-memory.dmp
- memory/1588-55-0x000007FEF2FB0000-0x000007FEF3B0D000-memory.dmp
- memory/1588-56-0x00000000026B0000-0x00000000026B2000-memory.dmp
- memory/1588-57-0x00000000026B2000-0x00000000026B4000-memory.dmp
- memory/1588-58-0x00000000026B4000-0x00000000026B7000-memory.dmp
- memory/1588-59-0x00000000026BB000-0x00000000026DA000-memory.dmp