Overview

overview

10

Static

static

10

virtual_fr...ds.ps1

windows7_x64

1

virtual_fr...ds.ps1

windows10-2004_x64

1

virtual_fr...es.ps1

windows7_x64

1

virtual_fr...es.ps1

windows10-2004_x64

1

virtual_fr...ts.ps1

windows7_x64

1

virtual_fr...ts.ps1

windows10-2004_x64

1

virtual_fr...ns.ps1

windows7_x64

1

virtual_fr...ns.ps1

windows10-2004_x64

1

virtual_fr...cts.js

windows7_x64

1

virtual_fr...cts.js

windows10-2004_x64

1

virtual_fr...ng.ps1

windows7_x64

1

virtual_fr...ng.ps1

windows10-2004_x64

1

virtual_fr...der.js

windows7_x64

1

virtual_fr...der.js

windows10-2004_x64

1

virtual_fr...x.html

windows7_x64

1

virtual_fr...x.html

windows10-2004_x64

1

virtual_fr...ck.ps1

windows7_x64

1

virtual_fr...ck.ps1

windows10-2004_x64

1

virtual_fr...de.pdf

windows7_x64

1

virtual_fr...de.pdf

windows10-2004_x64

1

virtual_fr...nks.js

windows7_x64

1

virtual_fr...nks.js

windows10-2004_x64

1

virtual_fr...x.html

windows7_x64

1

virtual_fr...x.html

windows10-2004_x64

1

virtual_fr...ler.js

windows7_x64

1

virtual_fr...ler.js

windows10-2004_x64

1

virtual_fr...tp.ps1

windows7_x64

1

virtual_fr...tp.ps1

windows10-2004_x64

1

virtual_fr...x.html

windows7_x64

1

virtual_fr...x.html

windows10-2004_x64

1

virtual_fr...oap.js

windows7_x64

1

virtual_fr...oap.js

windows10-2004_x64

1

Analysis

  • max time kernel
    91s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-05-2022 07:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    virtual_freer_v1.58/back/categories.ps1

  • Size

    13KB

  • MD5

    c405a726372ea0e2099e281004d258fa

  • SHA1

    13f3a01b9d63046ed7ab9f22cb598580580a842d

  • SHA256

    54d4349d91040b0e384132640f203a5e3fab9249221ffa51f4f058ce7d199663

  • SHA512

    e3ad7e8249b273b60735990e204ff1a2a546dcd156f640230921dbd32a9078d79989ac82d775224cc0bf596a6ad32d71e2931843f1975ee71f680d42f271dd2b

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\virtual_freer_v1.58\back\categories.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4256-130-0x000002041A5E0000-0x000002041A602000-memory.dmp
    Filesize

    136KB

    Download
  • memory/4256-131-0x00007FFA8D360000-0x00007FFA8DE21000-memory.dmp
    Filesize

    10.8MB

    Download