Overview

overview

10

Static

static

10

asdfg.ps1

windows10_x64

8

asdfg.ps1

windows10-2004_x64

8

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220331-en
  • submitted
    09-04-2022 14:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    asdfg.ps1

  • Size

    193KB

  • MD5

    fb688204cb7b25d92caa176874c3b4a4

  • SHA1

    0e12d29fd6c774232f2817dbd5f9b0fed1e78957

  • SHA256

    acc23a776415d931b64e95919b3372562b17a7c2717e1d530b031a6f29404b94

  • SHA512

    d9cf3f45d0489584ac842a237b5a152ba8fda6c42532c8216c2d51ba4ffcaa03f126e9e5c35b98f9e4ac513b66226e3734111ecd08aacb874d338b0842dfc64c

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\asdfg.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2708
    • \??\c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
      "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
    Filesize

    8KB

    MD5

    0347e24a39db8d2de535b0ae996ba6c7

    SHA1

    a5b37d7cbc50baa570e0b3c992095f0318789af2

    SHA256

    70eb2bce73cea3f069b37728a78232d789c6c2741d2e0990bfcb46034c2b8025

    SHA512

    c20e12b918f15e1b97128cf98714b50d664fdaa25df17c7b2ca442f755b6821b1e1ddf1360d6e3d6df398a84feb54dd70ccb44c0aa23ac11e0fbe4fcc8171f22

    Download Submit
  • memory/2708-124-0x0000017F5A610000-0x0000017F5A632000-memory.dmp
    Filesize

    136KB

    Download
  • memory/2708-125-0x00007FF94B4A0000-0x00007FF94BF61000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/2708-127-0x0000017F57813000-0x0000017F57815000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2708-128-0x0000017F57816000-0x0000017F57818000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2708-126-0x0000017F57810000-0x0000017F57812000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2708-129-0x0000017F5AA30000-0x0000017F5ABA6000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/2708-130-0x0000017F5ADC0000-0x0000017F5AFCA000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/4616-132-0x00000000023E0000-0x0000000002416000-memory.dmp
    Filesize

    216KB

    Download
  • memory/4616-133-0x0000000004FD0000-0x00000000055F8000-memory.dmp
    Filesize

    6.2MB

    Download
  • memory/4616-134-0x0000000004E80000-0x0000000004EA2000-memory.dmp
    Filesize

    136KB

    Download
  • memory/4616-135-0x0000000005670000-0x00000000056D6000-memory.dmp
    Filesize

    408KB

    Download
  • memory/4616-136-0x00000000056E0000-0x0000000005746000-memory.dmp
    Filesize

    408KB

    Download
  • memory/4616-137-0x0000000002945000-0x0000000002947000-memory.dmp
    Filesize

    8KB

    Download
  • memory/4616-138-0x0000000005E20000-0x0000000005E3E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/4616-139-0x0000000006A60000-0x00000000070DA000-memory.dmp
    Filesize

    6.5MB

    Download
  • memory/4616-140-0x0000000006390000-0x00000000063AA000-memory.dmp
    Filesize

    104KB

    Download
  • memory/4616-142-0x00000000063E0000-0x0000000006A5A000-memory.dmp
    Filesize

    6.5MB

    Download
  • memory/4616-131-0x0000000000000000-mapping.dmp
    Download