Analysis
-
max time kernel
117s -
max time network
135s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
22-02-2022 18:35
Static task
static1
Behavioral task
behavioral1
Sample
WZQNBDSLVGAWPUXJRUVDYE.ps1
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
WZQNBDSLVGAWPUXJRUVDYE.ps1
Resource
win10v2004-en-20220112
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
WZQNBDSLVGAWPUXJRUVDYE.ps1
-
Size
130KB
-
MD5
3fbbaee606b9fa5ed730aab0c6123ce0
-
SHA1
a38435566b572cd77b2b5521cf50d830518ba9cf
-
SHA256
2d89ba4be26780c15328677895a43b6b31791a25105892d562cacf7fc902299d
-
SHA512
9cb3c6aa7021c09ec5c54520066fea23195e87c5cac41b2eba7bd8a0f31edc23414ebe4bbe3524ebcc2e100c3aec179987e58e11587205d4242302fa92b33f2f
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
powershell.exepid process 1624 powershell.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
powershell.exedescription pid process Token: SeDebugPrivilege 1624 powershell.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1624-55-0x000007FEFB731000-0x000007FEFB733000-memory.dmpFilesize
8KB
-
memory/1624-57-0x000007FEF4F9E000-0x000007FEF4F9F000-memory.dmpFilesize
4KB
-
memory/1624-58-0x0000000002420000-0x0000000002422000-memory.dmpFilesize
8KB
-
memory/1624-59-0x0000000002422000-0x0000000002424000-memory.dmpFilesize
8KB
-
memory/1624-60-0x0000000002424000-0x0000000002427000-memory.dmpFilesize
12KB
-
memory/1624-56-0x000007FEF2870000-0x000007FEF33CD000-memory.dmpFilesize
11.4MB
-
memory/1624-61-0x000000001B730000-0x000000001BA2F000-memory.dmpFilesize
3.0MB
-
memory/1624-62-0x000000000242B000-0x000000000244A000-memory.dmpFilesize
124KB