Overview

overview

10

Static

static

1728.ps1

windows7_x64

1

1728.ps1

windows10-2004_x64

10

Scan_282.jpg.lnk

windows7_x64

3

Scan_282.jpg.lnk

windows10-2004_x64

10

Resubmissions

02-06-2022 22:15

220602-16kn1abhf3 10

02-06-2022 21:45

220602-1mh13abha3 7

02-06-2022 21:44

220602-1ln6pabgh8 8

02-06-2022 21:40

220602-1jcpwabgh5 10

02-06-2022 21:27

220602-1ay7hsffap 10

Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    02-06-2022 21:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1728.ps1

  • Size

    150KB

  • MD5

    732ac4665887f90ad5d320f0e462fce8

  • SHA1

    31cb6f21e3d2f50713163163d665053f83bb5bb4

  • SHA256

    3efec0b370dfacba1d8a2c9e8563441c6da54ae03925f3f845284d4ea9750731

  • SHA512

    8ec4408765d152108981b68a76c42a352f9c623d74220bbbce392500cb8e618a0bd4ac6e2f05057f8520d195d64c38a834facf5cfcf168546b68e4b0287dd849

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\1728.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1756-54-0x000007FEFBD21000-0x000007FEFBD23000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1756-55-0x000007FEF3800000-0x000007FEF4223000-memory.dmp
    Filesize

    10.1MB

    Download
  • memory/1756-56-0x000007FEF2CA0000-0x000007FEF37FD000-memory.dmp
    Filesize

    11.4MB

    Download
  • memory/1756-59-0x000007FEF3800000-0x000007FEF4223000-memory.dmp
    Filesize

    10.1MB

    Download
  • memory/1756-57-0x000007FEF4230000-0x000007FEF510C000-memory.dmp
    Filesize

    14.9MB

    Download
  • memory/1756-58-0x000000001B830000-0x000000001BB2F000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/1756-61-0x0000000002874000-0x0000000002877000-memory.dmp
    Filesize

    12KB

    Download
  • memory/1756-60-0x000007FEF6880000-0x000007FEF6932000-memory.dmp
    Filesize

    712KB

    Download
  • memory/1756-62-0x000007FEF2CA0000-0x000007FEF37FD000-memory.dmp
    Filesize

    11.4MB

    Download
  • memory/1756-64-0x000007FEFAEC0000-0x000007FEFAEF2000-memory.dmp
    Filesize

    200KB

    Download
  • memory/1756-63-0x000007FEFAB90000-0x000007FEFABF9000-memory.dmp
    Filesize

    420KB

    Download
  • memory/1756-65-0x000007FEF66E0000-0x000007FEF678A000-memory.dmp
    Filesize

    680KB

    Download
  • memory/1756-66-0x000007FEF65F0000-0x000007FEF66D5000-memory.dmp
    Filesize

    916KB

    Download
  • memory/1756-67-0x000007FEF5F00000-0x000007FEF6116000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/1756-68-0x000007FEF64D0000-0x000007FEF65E8000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1756-69-0x000007FEFAE50000-0x000007FEFAE8E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1756-70-0x000007FEF25F0000-0x000007FEF2C95000-memory.dmp
    Filesize

    6.6MB

    Download
  • memory/1756-71-0x000007FEF5C00000-0x000007FEF5D6C000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/1756-72-0x000007FEF2450000-0x000007FEF25E5000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1756-73-0x000007FEEEA00000-0x000007FEEF24B000-memory.dmp
    Filesize

    8.3MB

    Download
  • memory/1756-74-0x000007FEF6120000-0x000007FEF644E000-memory.dmp
    Filesize

    3.2MB

    Download
  • memory/1756-75-0x000000000287B000-0x000000000289A000-memory.dmp
    Filesize

    124KB

    Download
  • memory/1756-76-0x000007FEF4230000-0x000007FEF510C000-memory.dmp
    Filesize

    14.9MB

    Download
  • memory/1756-77-0x000007FEF6880000-0x000007FEF6932000-memory.dmp
    Filesize

    712KB

    Download
  • memory/1756-78-0x000007FEF3800000-0x000007FEF4223000-memory.dmp
    Filesize

    10.1MB

    Download
  • memory/1756-79-0x0000000002874000-0x0000000002877000-memory.dmp
    Filesize

    12KB

    Download
  • memory/1756-80-0x000007FEF2CA0000-0x000007FEF37FD000-memory.dmp
    Filesize

    11.4MB

    Download
  • memory/1756-81-0x000007FEF5F00000-0x000007FEF6116000-memory.dmp
    Filesize

    2.1MB

    Download