Analysis
-
max time kernel
123s -
max time network
139s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
19-02-2022 09:03
General
-
Target
3248338f08f0a3316dd06a3893ff4a38459eb812d2463265deb73eef4dfcddb3.ps1
-
Size
45KB
-
MD5
61daa29f8789c8955145c4fd95d082a2
-
SHA1
92277533be60b333f4e79b1f6e5d821cfa9f818e
-
SHA256
3248338f08f0a3316dd06a3893ff4a38459eb812d2463265deb73eef4dfcddb3
-
SHA512
21dc0806c3337121cb68ed5a4d552fac992371b02fbbb664dd703c6cf586082d02c74db82261405e1af6acab3524c0b48eed12d1270cdfa5c9fc0a3faa2757b3
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\3248338f08f0a3316dd06a3893ff4a38459eb812d2463265deb73eef4dfcddb3.ps11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1340-54-0x000007FEFC261000-0x000007FEFC263000-memory.dmpFilesize
8KB
-
memory/1340-55-0x000007FEF34E0000-0x000007FEF403D000-memory.dmpFilesize
11.4MB
-
memory/1340-56-0x000007FEF5C0E000-0x000007FEF5C0F000-memory.dmpFilesize
4KB
-
memory/1340-57-0x00000000028E0000-0x00000000028E2000-memory.dmpFilesize
8KB
-
memory/1340-58-0x00000000028E2000-0x00000000028E4000-memory.dmpFilesize
8KB
-
memory/1340-59-0x00000000028E4000-0x00000000028E7000-memory.dmpFilesize
12KB
-
memory/1340-60-0x000000001B730000-0x000000001BA2F000-memory.dmpFilesize
3.0MB
-
memory/1340-61-0x00000000028EB000-0x000000000290A000-memory.dmpFilesize
124KB