Overview

overview

10

Static

static

Invoice-06-1022.iso

windows7_x64

3

Invoice-06-1022.iso

windows10-2004_x64

3

1728.ps1

windows7_x64

1

1728.ps1

windows10-2004_x64

10

Scan_282.jpg

windows7_x64

3

Scan_282.jpg

windows10-2004_x64

3

Scan_282.jpg.lnk

windows7_x64

3

Scan_282.jpg.lnk

windows10-2004_x64

10

x.txt

windows7_x64

1

x.txt

windows10-2004_x64

1

Resubmissions

02-06-2022 22:15

220602-16kn1abhf3 10

02-06-2022 21:45

220602-1mh13abha3 7

02-06-2022 21:44

220602-1ln6pabgh8 8

02-06-2022 21:40

220602-1jcpwabgh5 10

02-06-2022 21:27

220602-1ay7hsffap 10

Analysis

  • max time kernel
    42s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    02-06-2022 22:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1728.ps1

  • Size

    150KB

  • MD5

    732ac4665887f90ad5d320f0e462fce8

  • SHA1

    31cb6f21e3d2f50713163163d665053f83bb5bb4

  • SHA256

    3efec0b370dfacba1d8a2c9e8563441c6da54ae03925f3f845284d4ea9750731

  • SHA512

    8ec4408765d152108981b68a76c42a352f9c623d74220bbbce392500cb8e618a0bd4ac6e2f05057f8520d195d64c38a834facf5cfcf168546b68e4b0287dd849

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\1728.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/656-54-0x000007FEFB8B1000-0x000007FEFB8B3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/656-55-0x000007FEF3CE0000-0x000007FEF4703000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/656-56-0x000007FEF3180000-0x000007FEF3CDD000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/656-57-0x000007FEF4710000-0x000007FEF55EC000-memory.dmp

    Filesize

    14.9MB

    Download

  • memory/656-58-0x000007FEF3CE0000-0x000007FEF4703000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/656-61-0x000007FEF3180000-0x000007FEF3CDD000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/656-60-0x00000000025C4000-0x00000000025C7000-memory.dmp

    Filesize

    12KB

    Download

  • memory/656-59-0x000007FEF6280000-0x000007FEF6332000-memory.dmp

    Filesize

    712KB

    Download

  • memory/656-62-0x000007FEF2E50000-0x000007FEF317E000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/656-63-0x000007FEF64A0000-0x000007FEF6509000-memory.dmp

    Filesize

    420KB

    Download

  • memory/656-64-0x000007FEF6460000-0x000007FEF6492000-memory.dmp

    Filesize

    200KB

    Download

  • memory/656-65-0x000007FEF61D0000-0x000007FEF627A000-memory.dmp

    Filesize

    680KB

    Download

  • memory/656-66-0x000007FEF60E0000-0x000007FEF61C5000-memory.dmp

    Filesize

    916KB

    Download

  • memory/656-67-0x000007FEF2C30000-0x000007FEF2E46000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/656-68-0x000007FEF2B10000-0x000007FEF2C28000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/656-69-0x000007FEF60A0000-0x000007FEF60DE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/656-70-0x000007FEF1EE0000-0x000007FEF2585000-memory.dmp

    Filesize

    6.6MB

    Download

  • memory/656-71-0x000007FEF2810000-0x000007FEF297C000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/656-72-0x000007FEF2670000-0x000007FEF2805000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/656-73-0x000007FEEE8C0000-0x000007FEEF10B000-memory.dmp

    Filesize

    8.3MB

    Download

  • memory/656-74-0x00000000025CB000-0x00000000025EA000-memory.dmp

    Filesize

    124KB

    Download

  • memory/656-75-0x000007FEF4710000-0x000007FEF55EC000-memory.dmp

    Filesize

    14.9MB

    Download