Overview

overview

10

Static

static

file1.ps1

windows7_x64

1

file1.ps1

windows10-2004_x64

10

Analysis

  • max time kernel
    4294179s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20220223-en
  • submitted
    08-03-2022 17:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file1.ps1

  • Size

    132KB

  • MD5

    9777539c560bfd297cc2574c37fa5b21

  • SHA1

    4eb088f40d4cb02590c7299ac7e2c0d609680e1e

  • SHA256

    be4f0c6439bdba738482ea253cde60f3347afd86b284362f83b510a0034b693a

  • SHA512

    dc3ca59771b57826cd8714c4335ffbdecddd155e234309dd812d0db7bb2a21b590bd73c57d5270f2083e6f616fbf2265f955654ae5f091d9f820ae64beea1e96

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\file1.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1796
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoE -Nop -NonI -WIndoWSTYLe HiDdeN -ExecutionPolicy Bypass -file C:\ProgramData\PRESFGEQTFRWEEHBFXQXJU\PRESFGEQTFRWEEHBFXQXJU.ps1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1524-72-0x00000000027DB000-0x00000000027FA000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1524-70-0x00000000027D4000-0x00000000027D7000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1524-68-0x000007FEF53D0000-0x000007FEF5D6D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1524-69-0x00000000027D2000-0x00000000027D4000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1524-67-0x00000000027D0000-0x00000000027D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1524-66-0x000007FEF53D0000-0x000007FEF5D6D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1524-65-0x000007FEEE7F0000-0x000007FEEF34D000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/1796-58-0x000000001B7F0000-0x000000001BAEF000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1796-62-0x0000000002704000-0x0000000002707000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1796-59-0x000007FEF53D0000-0x000007FEF5D6D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1796-61-0x000000000270B000-0x000000000272A000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1796-60-0x0000000002702000-0x0000000002704000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1796-54-0x000007FEFBAF1000-0x000007FEFBAF3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1796-56-0x000007FEF53D0000-0x000007FEF5D6D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1796-57-0x0000000002700000-0x0000000002702000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1796-55-0x000007FEEE7F0000-0x000007FEEF34D000-memory.dmp

    Filesize

    11.4MB

    Download