Overview

overview

10

Static

static

srv.ps1

windows7_x64

1

srv.ps1

windows10-2004_x64

10

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    19-01-2022 11:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    srv.ps1

  • Size

    3.6MB

  • MD5

    bdfc70e3237617d7a4509e9a857234eb

  • SHA1

    7b1e093f630ded929fefe02c554d09a1a9d13c54

  • SHA256

    d96de808e92e4d42e93180be95ec52fbe490c506cd839365e71cb7168df6bfbd

  • SHA512

    5bdde5d55b60e7ba1fb448bf95dd45feb2936ebaf53f5a78fa8272b522836d21a884ec5db523d09605f565d382e0015ee055de1976a3093defcc162d43abd857

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\srv.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1588-54-0x000007FEFBC11000-0x000007FEFBC13000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1588-55-0x000007FEF2FB0000-0x000007FEF3B0D000-memory.dmp
    Filesize

    11.4MB

    Download
  • memory/1588-56-0x00000000026B0000-0x00000000026B2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1588-57-0x00000000026B2000-0x00000000026B4000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1588-58-0x00000000026B4000-0x00000000026B7000-memory.dmp
    Filesize

    12KB

    Download
  • memory/1588-59-0x00000000026BB000-0x00000000026DA000-memory.dmp
    Filesize

    124KB

    Download