Analysis
-
max time kernel
117s -
max time network
122s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
11-02-2022 15:38
General
-
Target
index.ps1
-
Size
1.3MB
-
MD5
d57fbade6e2181198807bbc31b115e3a
-
SHA1
2c3a54dfb9d23cadacd17d707e911a021b4e53ef
-
SHA256
63203d5fa490ac4467049929bfce158a940cf325c09231c0db88a836ddb3ffd5
-
SHA512
a063042a68f7c17e4e3afbeb0a707b497fc2779e2644a2d7fb9d850469a7be086e1a29325cf725ce4c1536eedcbe7e4790ca015020f0903925952fcfab95fd1a
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\index.ps11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/528-54-0x000007FEFBEE1000-0x000007FEFBEE3000-memory.dmpFilesize
8KB
-
memory/528-55-0x000007FEF2FB0000-0x000007FEF3B0D000-memory.dmpFilesize
11.4MB
-
memory/528-57-0x0000000002800000-0x0000000002802000-memory.dmpFilesize
8KB
-
memory/528-56-0x000007FEF56DE000-0x000007FEF56DF000-memory.dmpFilesize
4KB
-
memory/528-58-0x0000000002802000-0x0000000002804000-memory.dmpFilesize
8KB
-
memory/528-59-0x0000000002804000-0x0000000002807000-memory.dmpFilesize
12KB
-
memory/528-60-0x000000000280B000-0x000000000282A000-memory.dmpFilesize
124KB