Analysis
max time kernel: 289s
max time network: 348s
platform: windows7_x64
resource: win7-20220414-en
submitted: 07/05/2022, 21:49
Static task: static1
Behavioral task: behavioral1
Sample: f1aea885141ff01f8db0c1eeea40190915f79a43d033c2e0f58784d87d540bad.ps1
Resource: win7-20220414-en
0 signatures
0 seconds
General
Target: f1aea885141ff01f8db0c1eeea40190915f79a43d033c2e0f58784d87d540bad.ps1
Size: 3.1MB
MD5: a3aa56ea0d055b327db1ccca22fc6bfc
SHA1: c8e62b37c9b96b7cf32ba5843b6f9242fdef6075
SHA256: f1aea885141ff01f8db0c1eeea40190915f79a43d033c2e0f58784d87d540bad
SHA512: 2fc2e9870f30cae5dd2f63dda167a3c60f611220fa60ab281e7999870dadaba6d9854f4cdc8bf96bb4911a82b45f8ed99d23a76fd841f87f6cc67a1fbe71b724
Score: 1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  pid: 2008, process: powershell.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeDebugPrivilege, pid: 2008, process: powershell.exe
Processes
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\f1aea885141ff01f8db0c1eeea40190915f79a43d033c2e0f58784d87d540bad.ps1
  PID: 2008
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken