Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
19-01-2022 11:27
Static task
static1
Behavioral task
behavioral1
Sample
srv.ps1
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
General
-
Target
srv.ps1
-
Size
3.6MB
-
MD5
bdfc70e3237617d7a4509e9a857234eb
-
SHA1
7b1e093f630ded929fefe02c554d09a1a9d13c54
-
SHA256
d96de808e92e4d42e93180be95ec52fbe490c506cd839365e71cb7168df6bfbd
-
SHA512
5bdde5d55b60e7ba1fb448bf95dd45feb2936ebaf53f5a78fa8272b522836d21a884ec5db523d09605f565d382e0015ee055de1976a3093defcc162d43abd857
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
powershell.exepid process 1588 powershell.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
powershell.exedescription pid process Token: SeDebugPrivilege 1588 powershell.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1588-54-0x000007FEFBC11000-0x000007FEFBC13000-memory.dmpFilesize
8KB
-
memory/1588-55-0x000007FEF2FB0000-0x000007FEF3B0D000-memory.dmpFilesize
11.4MB
-
memory/1588-56-0x00000000026B0000-0x00000000026B2000-memory.dmpFilesize
8KB
-
memory/1588-57-0x00000000026B2000-0x00000000026B4000-memory.dmpFilesize
8KB
-
memory/1588-58-0x00000000026B4000-0x00000000026B7000-memory.dmpFilesize
12KB
-
memory/1588-59-0x00000000026BB000-0x00000000026DA000-memory.dmpFilesize
124KB