Overview

overview

10

Static

static

65d6f9753c...53.ps1

windows7_x64

1

65d6f9753c...53.ps1

windows10-2004_x64

10

Analysis

  • max time kernel
    40s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    02-06-2022 13:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65d6f9753c33e994c63595226ef407ac71ea703bf7cf52eb36ba502b5fa9f153.ps1

  • Size

    30KB

  • MD5

    0f4cb16b0393fb6ec6bdd8a59f7b5e0e

  • SHA1

    a9f39815612f34ac43667b82d379340d91db0318

  • SHA256

    65d6f9753c33e994c63595226ef407ac71ea703bf7cf52eb36ba502b5fa9f153

  • SHA512

    cb6f73fb1180a878cbd426c9d56763418a01637aaa01f5710ad4cf2d73f84fe1f6f20fe4ce69f4f022de03479b02da1c30ddfec8e47cb7144ca3d23f21258d02

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\65d6f9753c33e994c63595226ef407ac71ea703bf7cf52eb36ba502b5fa9f153.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/872-54-0x000007FEFBD41000-0x000007FEFBD43000-memory.dmp
    Filesize

    8KB

    Download
  • memory/872-55-0x000007FEF4310000-0x000007FEF4D33000-memory.dmp
    Filesize

    10.1MB

    Download
  • memory/872-56-0x000007FEF37B0000-0x000007FEF430D000-memory.dmp
    Filesize

    11.4MB

    Download
  • memory/872-57-0x000000001B790000-0x000000001BA8F000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/872-58-0x000007FEF4310000-0x000007FEF4D33000-memory.dmp
    Filesize

    10.1MB

    Download
  • memory/872-60-0x000007FEF68B0000-0x000007FEF6962000-memory.dmp
    Filesize

    712KB

    Download
  • memory/872-59-0x000007FEF4D40000-0x000007FEF5C1C000-memory.dmp
    Filesize

    14.9MB

    Download
  • memory/872-61-0x0000000002524000-0x0000000002527000-memory.dmp
    Filesize

    12KB

    Download
  • memory/872-62-0x000007FEF4D40000-0x000007FEF5C1C000-memory.dmp
    Filesize

    14.9MB

    Download
  • memory/872-63-0x000007FEF37B0000-0x000007FEF430D000-memory.dmp
    Filesize

    11.4MB

    Download
  • memory/872-65-0x000007FEF6AD0000-0x000007FEF6B39000-memory.dmp
    Filesize

    420KB

    Download
  • memory/872-64-0x000007FEF3480000-0x000007FEF37AE000-memory.dmp
    Filesize

    3.2MB

    Download
  • memory/872-66-0x000007FEF6A90000-0x000007FEF6AC2000-memory.dmp
    Filesize

    200KB

    Download
  • memory/872-67-0x000007FEF6800000-0x000007FEF68AA000-memory.dmp
    Filesize

    680KB

    Download
  • memory/872-68-0x000007FEF6710000-0x000007FEF67F5000-memory.dmp
    Filesize

    916KB

    Download
  • memory/872-69-0x000007FEF3260000-0x000007FEF3476000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/872-71-0x000007FEF3140000-0x000007FEF3258000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/872-70-0x000007FEF66D0000-0x000007FEF670E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/872-72-0x000007FEF2510000-0x000007FEF2BB5000-memory.dmp
    Filesize

    6.6MB

    Download
  • memory/872-73-0x000007FEF2E40000-0x000007FEF2FAC000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/872-74-0x000007FEF2CA0000-0x000007FEF2E35000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/872-75-0x000000000252B000-0x000000000254A000-memory.dmp
    Filesize

    124KB

    Download
  • memory/872-76-0x000007FEEE7D0000-0x000007FEEF01B000-memory.dmp
    Filesize

    8.3MB

    Download
  • memory/872-77-0x000007FEEE7D0000-0x000007FEEF01B000-memory.dmp
    Filesize

    8.3MB

    Download