Analysis
- max time kernel: 36s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 23-05-2022 14:24
Static task
static1
Behavioral task
behavioral1
Sample
7ab025aa1f53605e0e33299dbe89cceea79144ab98ff9a39a54c9ddab53a9eea.ps1
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
7ab025aa1f53605e0e33299dbe89cceea79144ab98ff9a39a54c9ddab53a9eea.ps1
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
- Target: 7ab025aa1f53605e0e33299dbe89cceea79144ab98ff9a39a54c9ddab53a9eea.ps1
- Size: 51KB
- MD5: 65779649108e379f6e5bbef6feb174aa
- SHA1: 5d0dc1f6a1b4393a88b0dfe54296b6ae2e803af2
- SHA256: 7ab025aa1f53605e0e33299dbe89cceea79144ab98ff9a39a54c9ddab53a9eea
- SHA512: 080e4f06d71c9fa446b7d34750d5510609b348a6b4d1b3f1b0d85d95fff0304cbf7a5d929e838d5eaf3e9e1217ba28acb1de46750263fb3189b43df577f3543e
Score
1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  Processes: pid 888, process powershell.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: description Token: SeDebugPrivilege, pid 888, process powershell.exe
Processes
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\7ab025aa1f53605e0e33299dbe89cceea79144ab98ff9a39a54c9ddab53a9eea.ps1
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- memory/888-54-0x000007FEFBD21000-0x000007FEFBD23000-memory.dmp (Filesize: 8KB)
- memory/888-55-0x000007FEF2CA0000-0x000007FEF37FD000-memory.dmp (Filesize: 11.4MB)
- memory/888-57-0x000000000252B000-0x000000000254A000-memory.dmp (Filesize: 124KB)
- memory/888-56-0x0000000002524000-0x0000000002527000-memory.dmp (Filesize: 12KB)