Overview

overview

10

Static

static

10

asdfg.ps1

windows10_x64

8

asdfg.ps1

windows10-2004_x64

8

Analysis

  • max time kernel
    111s
  • max time network
    113s
  • platform
    windows10_x64
  • resource
    win10-20220331-en
  • submitted
    09-04-2022 14:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    asdfg.ps1

  • Size

    193KB

  • MD5

    fb688204cb7b25d92caa176874c3b4a4

  • SHA1

    0e12d29fd6c774232f2817dbd5f9b0fed1e78957

  • SHA256

    acc23a776415d931b64e95919b3372562b17a7c2717e1d530b031a6f29404b94

  • SHA512

    d9cf3f45d0489584ac842a237b5a152ba8fda6c42532c8216c2d51ba4ffcaa03f126e9e5c35b98f9e4ac513b66226e3734111ecd08aacb874d338b0842dfc64c

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\asdfg.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2152
    • \??\c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
      "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • memory/2152-118-0x000002B150BB0000-0x000002B150BD2000-memory.dmp
    Filesize

    136KB

    Download
  • memory/2152-121-0x000002B169A00000-0x000002B169A76000-memory.dmp
    Filesize

    472KB

    Download
  • memory/2152-129-0x000002B169160000-0x000002B169162000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2152-130-0x000002B169163000-0x000002B169165000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2152-135-0x000002B16ACC0000-0x000002B16AE36000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/2152-136-0x000002B16B050000-0x000002B16B258000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/2152-137-0x000002B169166000-0x000002B169168000-memory.dmp
    Filesize

    8KB

    Download
  • memory/4112-149-0x0000000007520000-0x0000000007542000-memory.dmp
    Filesize

    136KB

    Download
  • memory/4112-148-0x0000000007620000-0x0000000007C48000-memory.dmp
    Filesize

    6.2MB

    Download
  • memory/4112-147-0x0000000006EE0000-0x0000000006F16000-memory.dmp
    Filesize

    216KB

    Download
  • memory/4112-150-0x0000000007D00000-0x0000000007D66000-memory.dmp
    Filesize

    408KB

    Download
  • memory/4112-151-0x0000000007DE0000-0x0000000007E46000-memory.dmp
    Filesize

    408KB

    Download
  • memory/4112-152-0x00000000080C0000-0x0000000008410000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/4112-153-0x0000000008480000-0x000000000849C000-memory.dmp
    Filesize

    112KB

    Download
  • memory/4112-154-0x0000000008540000-0x000000000858B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/4112-155-0x0000000008720000-0x0000000008796000-memory.dmp
    Filesize

    472KB

    Download
  • memory/4112-162-0x0000000009310000-0x0000000009988000-memory.dmp
    Filesize

    6.5MB

    Download
  • memory/4112-163-0x0000000008C90000-0x0000000008CAA000-memory.dmp
    Filesize

    104KB

    Download
  • memory/4112-165-0x0000000008C90000-0x0000000009308000-memory.dmp
    Filesize

    6.5MB

    Download
  • memory/4112-144-0x0000000000000000-mapping.dmp
    Download