Overview

overview

10

Static

static

10

78769e4085...7e.zip

windows7_x64

1

78769e4085...7e.zip

windows10-2004_x64

malware-an...er.pdf

windows7_x64

1

malware-an...er.pdf

windows10-2004_x64

1

malware-an...is.pdf

windows7_x64

1

malware-an...is.pdf

windows10-2004_x64

1

malware-an...ypt.py

linux_amd64

malware-an...ypt.py

linux_armhf

malware-an...ypt.py

linux_mips

malware-an...ypt.py

linux_mipsel

malware-an...ons.py

windows7_x64

3

malware-an...ons.py

windows10-2004_x64

3

malware-an...is.pdf

windows7_x64

1

malware-an...is.pdf

windows10-2004_x64

malware-an...tt.ps1

windows7_x64

10

malware-an...tt.ps1

windows10-2004_x64

8

malware-an...tt.vbs

windows7_x64

malware-an...tt.vbs

windows10-2004_x64

7

malware-an...er.ps1

windows7_x64

1

malware-an...er.ps1

windows10-2004_x64

malware-an...od.ps1

windows7_x64

malware-an...od.ps1

windows10-2004_x64

10

malware-an...44.exe

windows7_x64

10

malware-an...44.exe

windows10-2004_x64

malware-an...55.dll

windows7_x64

1

malware-an...55.dll

windows10-2004_x64

malware-an...xes.py

linux_amd64

malware-an...xes.py

linux_armhf

malware-an...xes.py

linux_mips

malware-an...xes.py

linux_mipsel

malware-an...dra.py

windows7_x64

malware-an...dra.py

windows10-2004_x64

3

Analysis

  • max time kernel
    38s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    21-05-2022 11:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    malware-analysis-writeups-master/bashar-bachir-chain/files/downloader.ps1

  • Size

    996B

  • MD5

    c40333c90f34d4cbbc45c7ed4e1cd7bf

  • SHA1

    3bce9f938bb194b2c780899348459d501cc9ee2e

  • SHA256

    4e20f10918cfec989ae62dcbaa53aa2135ccfbf54a40c00c90519b7724d0e3da

  • SHA512

    b79bd0d50484fe309e8b7808f6d6f256ad5edf7bca386b02d632d2b27739c045e89aea9867dd93c5cc4f7ea0233ee57e29ef7c21a6675015a610878c714562d5

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\malware-analysis-writeups-master\bashar-bachir-chain\files\downloader.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1444-54-0x000007FEFBCC1000-0x000007FEFBCC3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1444-56-0x0000000002410000-0x0000000002490000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1444-55-0x000007FEF34F0000-0x000007FEF404D000-memory.dmp
    Filesize

    11.4MB

    Download
  • memory/1444-57-0x000000001B760000-0x000000001BA5F000-memory.dmp
    Filesize

    3.0MB

    Download