8ea25999fe93b84c817faa74af0ad94f0c0064d8e28fba5fea17665c38695430

Target

1728.ps1
Size

150KB
MD5

732ac4665887f90ad5d320f0e462fce8
SHA1

31cb6f21e3d2f50713163163d665053f83bb5bb4
SHA256

3efec0b370dfacba1d8a2c9e8563441c6da54ae03925f3f845284d4ea9750731
SHA512

8ec4408765d152108981b68a76c42a352f9c623d74220bbbce392500cb8e618a0bd4ac6e2f05057f8520d195d64c38a834facf5cfcf168546b68e4b0287dd849

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

powershell.exe

pid process

1756 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 1756 powershell.exe

pid	process
1756	powershell.exe

description	pid	process
Token: SeDebugPrivilege	1756	powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\1728.ps1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1756-54-0x000007FEFBD21000-0x000007FEFBD23000-memory.dmp

Filesize
8KB

Download
memory/1756-55-0x000007FEF3800000-0x000007FEF4223000-memory.dmp

Filesize
10.1MB

Download
memory/1756-56-0x000007FEF2CA0000-0x000007FEF37FD000-memory.dmp

Filesize
11.4MB

Download
memory/1756-59-0x000007FEF3800000-0x000007FEF4223000-memory.dmp

Filesize
10.1MB

Download
memory/1756-57-0x000007FEF4230000-0x000007FEF510C000-memory.dmp

Filesize
14.9MB

Download
memory/1756-58-0x000000001B830000-0x000000001BB2F000-memory.dmp

Filesize
3.0MB

Download
memory/1756-61-0x0000000002874000-0x0000000002877000-memory.dmp

Filesize
12KB

Download
memory/1756-60-0x000007FEF6880000-0x000007FEF6932000-memory.dmp

Filesize
712KB

Download
memory/1756-62-0x000007FEF2CA0000-0x000007FEF37FD000-memory.dmp

Filesize
11.4MB

Download
memory/1756-64-0x000007FEFAEC0000-0x000007FEFAEF2000-memory.dmp

Filesize
200KB

Download
memory/1756-63-0x000007FEFAB90000-0x000007FEFABF9000-memory.dmp

Filesize
420KB

Download
memory/1756-65-0x000007FEF66E0000-0x000007FEF678A000-memory.dmp

Filesize
680KB

Download
memory/1756-66-0x000007FEF65F0000-0x000007FEF66D5000-memory.dmp

Filesize
916KB

Download
memory/1756-67-0x000007FEF5F00000-0x000007FEF6116000-memory.dmp

Filesize
2.1MB

Download
memory/1756-68-0x000007FEF64D0000-0x000007FEF65E8000-memory.dmp

Filesize
1.1MB

Download
memory/1756-69-0x000007FEFAE50000-0x000007FEFAE8E000-memory.dmp

Filesize
248KB

Download
memory/1756-70-0x000007FEF25F0000-0x000007FEF2C95000-memory.dmp

Filesize
6.6MB

Download
memory/1756-71-0x000007FEF5C00000-0x000007FEF5D6C000-memory.dmp

Filesize
1.4MB

Download
memory/1756-72-0x000007FEF2450000-0x000007FEF25E5000-memory.dmp

Filesize
1.6MB

Download
memory/1756-73-0x000007FEEEA00000-0x000007FEEF24B000-memory.dmp

Filesize
8.3MB

Download
memory/1756-74-0x000007FEF6120000-0x000007FEF644E000-memory.dmp

Filesize
3.2MB

Download
memory/1756-75-0x000000000287B000-0x000000000289A000-memory.dmp

Filesize
124KB

Download
memory/1756-76-0x000007FEF4230000-0x000007FEF510C000-memory.dmp

Filesize
14.9MB

Download
memory/1756-77-0x000007FEF6880000-0x000007FEF6932000-memory.dmp

Filesize
712KB

Download
memory/1756-78-0x000007FEF3800000-0x000007FEF4223000-memory.dmp

Filesize
10.1MB

Download
memory/1756-79-0x0000000002874000-0x0000000002877000-memory.dmp

Filesize
12KB

Download
memory/1756-80-0x000007FEF2CA0000-0x000007FEF37FD000-memory.dmp

Filesize
11.4MB

Download
memory/1756-81-0x000007FEF5F00000-0x000007FEF6116000-memory.dmp

Filesize
2.1MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads