Analysis
- max time kernel: 139s
- max time network: 178s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 21-05-2022 11:11
Static task: static1
Behavioral task: behavioral1
- Sample: 2cd2d3823bacb5591d922756a072b4e934d42a471fce9fe2f5b2fd05fac0c660.ps1
- Resource: win7-20220414-en
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 2cd2d3823bacb5591d922756a072b4e934d42a471fce9fe2f5b2fd05fac0c660.ps1
- Resource: win10v2004-20220414-en
- 0 signatures
- 0 seconds
General
- Target: 2cd2d3823bacb5591d922756a072b4e934d42a471fce9fe2f5b2fd05fac0c660.ps1
- Size: 360B
- MD5: cfd1923ef62eda51c93b8b3599941acd
- SHA1: ec8712a15560aa43ba4710ea574f5443ae5c5c5c
- SHA256: 2cd2d3823bacb5591d922756a072b4e934d42a471fce9fe2f5b2fd05fac0c660
- SHA512: 043f86e5448c4bcc941da02471797d3b863644502bdc36a9c97ab693b888eee2fafcf35e5ffbdce1afcaaf1b77869b50c49e49274ad7a0543b49a993d32ff5c6
- Score: 8/10
Malware Config
Signatures
- Blocklisted process makes network request (3 IoCs)
  Processes:
    flow  pid   process
    6     4288  powershell.exe
    14    4288  powershell.exe
    26    4288  powershell.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTP)
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes:
    pid   process
    4288  powershell.exe
    4288  powershell.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
    description              pid   process
    Token: SeDebugPrivilege  4288  powershell.exe
Processes
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  Command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\2cd2d3823bacb5591d922756a072b4e934d42a471fce9fe2f5b2fd05fac0c660.ps1
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken