Resubmissions
02-06-2022 22:15
220602-16kn1abhf3 1002-06-2022 21:45
220602-1mh13abha3 702-06-2022 21:44
220602-1ln6pabgh8 802-06-2022 21:40
220602-1jcpwabgh5 1002-06-2022 21:27
220602-1ay7hsffap 10Analysis
-
max time kernel
42s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
02-06-2022 21:27
Static task
static1
Behavioral task
behavioral1
Sample
1728.ps1
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1728.ps1
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
Scan_282.jpg.lnk
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
Scan_282.jpg.lnk
Resource
win10v2004-20220414-en
General
-
Target
1728.ps1
-
Size
150KB
-
MD5
732ac4665887f90ad5d320f0e462fce8
-
SHA1
31cb6f21e3d2f50713163163d665053f83bb5bb4
-
SHA256
3efec0b370dfacba1d8a2c9e8563441c6da54ae03925f3f845284d4ea9750731
-
SHA512
8ec4408765d152108981b68a76c42a352f9c623d74220bbbce392500cb8e618a0bd4ac6e2f05057f8520d195d64c38a834facf5cfcf168546b68e4b0287dd849
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 1756 powershell.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1756 powershell.exe