Analysis
- max time kernel: 119s
- max time network: 126s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 28-01-2022 22:25
Static task
static1
Behavioral task
behavioral1
Sample
0f1e223eaf8b6d71f65960f8b9e14c98ba62e585334a6349bcd02216f4415868.ps1
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
0f1e223eaf8b6d71f65960f8b9e14c98ba62e585334a6349bcd02216f4415868.ps1
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
- Target: 0f1e223eaf8b6d71f65960f8b9e14c98ba62e585334a6349bcd02216f4415868.ps1
- Size: 4KB
- MD5: 4c1a115f740c1c111c9f51b3ba7dada9
- SHA1: 6be4f82c2f5dc46ebfa74a77fb550448fcac12d5
- SHA256: 0f1e223eaf8b6d71f65960f8b9e14c98ba62e585334a6349bcd02216f4415868
- SHA512: 447a5fd8dd7ddb61ff62661a819735e0021e0b35cb7e9cc8cc9aaccf49f40a740c01fffc43bfad1e7cf2a40ccbade06d18235a78d73fb13b02451d50e6ce0df2
Score
1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses 3 IoCs
  Processes: powershell.exe
  pid 3984, process powershell.exe
  pid 3984, process powershell.exe
  pid 3984, process powershell.exe
- Suspicious use of AdjustPrivilegeToken 1 IoCs
  Processes: powershell.exe
  description: Token: SeDebugPrivilege, pid 3984, process powershell.exe
Processes
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\0f1e223eaf8b6d71f65960f8b9e14c98ba62e585334a6349bcd02216f4415868.ps1
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID: 3984