Overview

overview

1

Static

static

0f1e223eaf...68.ps1

windows7_x64

1

0f1e223eaf...68.ps1

windows10_x64

1

Analysis

  • max time kernel
    119s
  • max time network
    126s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    28-01-2022 22:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f1e223eaf8b6d71f65960f8b9e14c98ba62e585334a6349bcd02216f4415868.ps1

  • Size

    4KB

  • MD5

    4c1a115f740c1c111c9f51b3ba7dada9

  • SHA1

    6be4f82c2f5dc46ebfa74a77fb550448fcac12d5

  • SHA256

    0f1e223eaf8b6d71f65960f8b9e14c98ba62e585334a6349bcd02216f4415868

  • SHA512

    447a5fd8dd7ddb61ff62661a819735e0021e0b35cb7e9cc8cc9aaccf49f40a740c01fffc43bfad1e7cf2a40ccbade06d18235a78d73fb13b02451d50e6ce0df2

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\0f1e223eaf8b6d71f65960f8b9e14c98ba62e585334a6349bcd02216f4415868.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3984-120-0x00000230AE1D0000-0x00000230AE1F2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3984-125-0x00000230AE210000-0x00000230AE212000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3984-126-0x00000230AE213000-0x00000230AE215000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3984-127-0x00000230B0370000-0x00000230B03E6000-memory.dmp

    Filesize

    472KB

    Download