Overview

overview

10

Static

static

WZQNBDSLVG...YE.ps1

windows7_x64

1

WZQNBDSLVG...YE.ps1

windows10-2004_x64

10

Analysis

  • max time kernel
    117s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    22-02-2022 18:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WZQNBDSLVGAWPUXJRUVDYE.ps1

  • Size

    130KB

  • MD5

    3fbbaee606b9fa5ed730aab0c6123ce0

  • SHA1

    a38435566b572cd77b2b5521cf50d830518ba9cf

  • SHA256

    2d89ba4be26780c15328677895a43b6b31791a25105892d562cacf7fc902299d

  • SHA512

    9cb3c6aa7021c09ec5c54520066fea23195e87c5cac41b2eba7bd8a0f31edc23414ebe4bbe3524ebcc2e100c3aec179987e58e11587205d4242302fa92b33f2f

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\WZQNBDSLVGAWPUXJRUVDYE.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1624-55-0x000007FEFB731000-0x000007FEFB733000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1624-57-0x000007FEF4F9E000-0x000007FEF4F9F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1624-58-0x0000000002420000-0x0000000002422000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1624-59-0x0000000002422000-0x0000000002424000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1624-60-0x0000000002424000-0x0000000002427000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1624-56-0x000007FEF2870000-0x000007FEF33CD000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/1624-61-0x000000001B730000-0x000000001BA2F000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1624-62-0x000000000242B000-0x000000000244A000-memory.dmp

    Filesize

    124KB

    Download