Analysis
-
max time kernel
117s -
max time network
135s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
22-02-2022 18:35
General
-
Target
WZQNBDSLVGAWPUXJRUVDYE.ps1
-
Size
130KB
-
MD5
3fbbaee606b9fa5ed730aab0c6123ce0
-
SHA1
a38435566b572cd77b2b5521cf50d830518ba9cf
-
SHA256
2d89ba4be26780c15328677895a43b6b31791a25105892d562cacf7fc902299d
-
SHA512
9cb3c6aa7021c09ec5c54520066fea23195e87c5cac41b2eba7bd8a0f31edc23414ebe4bbe3524ebcc2e100c3aec179987e58e11587205d4242302fa92b33f2f
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\WZQNBDSLVGAWPUXJRUVDYE.ps11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1624-55-0x000007FEFB731000-0x000007FEFB733000-memory.dmpFilesize
8KB
-
memory/1624-57-0x000007FEF4F9E000-0x000007FEF4F9F000-memory.dmpFilesize
4KB
-
memory/1624-58-0x0000000002420000-0x0000000002422000-memory.dmpFilesize
8KB
-
memory/1624-59-0x0000000002422000-0x0000000002424000-memory.dmpFilesize
8KB
-
memory/1624-60-0x0000000002424000-0x0000000002427000-memory.dmpFilesize
12KB
-
memory/1624-56-0x000007FEF2870000-0x000007FEF33CD000-memory.dmpFilesize
11.4MB
-
memory/1624-61-0x000000001B730000-0x000000001BA2F000-memory.dmpFilesize
3.0MB
-
memory/1624-62-0x000000000242B000-0x000000000244A000-memory.dmpFilesize
124KB