Overview

overview

10

Static

static

fda3497d31...df.ps1

windows7_x64

1

fda3497d31...df.ps1

windows10-2004_x64

10

Analysis

  • max time kernel
    140s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    06-02-2022 20:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fda3497d316553432df108a4f9d5e71c65577e89a8cb0283914c9eec058af6df.ps1

  • Size

    2.5MB

  • MD5

    869fe194f8f03c8286c2eda3ff0f80a1

  • SHA1

    e79eeafe149ddccd7d907035442f8c4072237b68

  • SHA256

    fda3497d316553432df108a4f9d5e71c65577e89a8cb0283914c9eec058af6df

  • SHA512

    41de9b349240fd4c4997c7d9df6b349f43d38c2c74e31384c01861be5b69d643d8825ea1a21f6540036fa714e3d904a6a0089abdce2b42f4764d6388143ec453

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\fda3497d316553432df108a4f9d5e71c65577e89a8cb0283914c9eec058af6df.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1216-54-0x000007FEFC3C1000-0x000007FEFC3C3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1216-56-0x0000000002490000-0x0000000002492000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1216-57-0x0000000002492000-0x0000000002494000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1216-58-0x0000000002494000-0x0000000002497000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1216-55-0x000007FEF3790000-0x000007FEF42ED000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/1216-59-0x000000001B710000-0x000000001BA0F000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1216-60-0x000000000249B000-0x00000000024BA000-memory.dmp

    Filesize

    124KB

    Download