Analysis

  • max time kernel
    18s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    15-04-2022 12:26

General

  • Target

    mevlbkxshp.ps1

  • Size

    119KB

  • MD5

    cc55cf5d17726a6137c51fecff65659f

  • SHA1

    039339bd25e0a3a6183d1c848007377f939eeb04

  • SHA256

    2d97a2fb3bb70289266079670be42efa882a361e922dee6a109884222b3336d6

  • SHA512

    8df91c615f07b9b722616a4e43a6869ce701d4eb82be43c2e7eaee43845f5b61e657c918d741d65459b7fe9c96ebde4ff6811398f1e63e57d205e9411bfb905a

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\mevlbkxshp.ps1
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1944

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1944-54-0x000007FEFC2E1000-0x000007FEFC2E3000-memory.dmp

    Filesize

    8KB

  • memory/1944-55-0x000007FEF3C90000-0x000007FEF47ED000-memory.dmp

    Filesize

    11.4MB

  • memory/1944-56-0x000000001B720000-0x000000001BA1F000-memory.dmp

    Filesize

    3.0MB

  • memory/1944-57-0x00000000023C0000-0x00000000023C2000-memory.dmp

    Filesize

    8KB

  • memory/1944-58-0x00000000023C2000-0x00000000023C4000-memory.dmp

    Filesize

    8KB

  • memory/1944-60-0x00000000023CB000-0x00000000023EA000-memory.dmp

    Filesize

    124KB

  • memory/1944-59-0x00000000023C4000-0x00000000023C7000-memory.dmp

    Filesize

    12KB