c3a06c5448869d4f136f1c15926ec4b2df48993fb86f3bd5dd4a69afbe3d46e4

General

Target

1204.ps1
Size

296KB
MD5

8a6d292fdd55ddb97fd2df336f66cfbb
SHA1

348401596d0b44faf930787380e146cb5f57795f
SHA256

bac3ed96090fb8ceed04adef4857bb8fd50b49ed65655f688e06d207f2daa3b8
SHA512

c0dd1b85b19a2f969e4ad9948ef195ba7e5246ce5b45eb27b17c98accf9daf1004b595d3fa0f753cb98ebceb2e5b1bed6b22a31abd69e1467d0b78b3b1374055

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

powershell.exe

pid process

2024 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 2024 powershell.exe

pid	process
2024	powershell.exe

description	pid	process
Token: SeDebugPrivilege	2024	powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\1204.ps1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2024-54-0x000007FEFB9B1000-0x000007FEFB9B3000-memory.dmp

Filesize
8KB

Download
memory/2024-55-0x000007FEF35C0000-0x000007FEF3FE3000-memory.dmp

Filesize
10.1MB

Download
memory/2024-57-0x000007FEF3FF0000-0x000007FEF4ECC000-memory.dmp

Filesize
14.9MB

Download
memory/2024-58-0x000007FEF35C0000-0x000007FEF3FE3000-memory.dmp

Filesize
10.1MB

Download
memory/2024-56-0x000007FEF2A60000-0x000007FEF35BD000-memory.dmp

Filesize
11.4MB

Download
memory/2024-59-0x000007FEF67D0000-0x000007FEF6882000-memory.dmp

Filesize
712KB

Download
memory/2024-60-0x000007FEF2A60000-0x000007FEF35BD000-memory.dmp

Filesize
11.4MB

Download
memory/2024-61-0x000007FEFAEE0000-0x000007FEFAF49000-memory.dmp

Filesize
420KB

Download
memory/2024-62-0x000007FEFAD90000-0x000007FEFADC2000-memory.dmp

Filesize
200KB

Download
memory/2024-63-0x000007FEF6720000-0x000007FEF67CA000-memory.dmp

Filesize
680KB

Download
memory/2024-64-0x000007FEF64F0000-0x000007FEF65D5000-memory.dmp

Filesize
916KB

Download
memory/2024-65-0x000007FEF63D0000-0x000007FEF64E8000-memory.dmp

Filesize
1.1MB

Download
memory/2024-66-0x000007FEFAD50000-0x000007FEFAD8E000-memory.dmp

Filesize
248KB

Download
memory/2024-67-0x000007FEEF250000-0x000007FEEF8F5000-memory.dmp

Filesize
6.6MB

Download
memory/2024-68-0x000007FEF59C0000-0x000007FEF5B2C000-memory.dmp

Filesize
1.4MB

Download
memory/2024-69-0x000007FEF28C0000-0x000007FEF2A55000-memory.dmp

Filesize
1.6MB

Download
memory/2024-70-0x000000000286B000-0x000000000288A000-memory.dmp

Filesize
124KB

Download
memory/2024-71-0x0000000002864000-0x0000000002867000-memory.dmp

Filesize
12KB

Download
memory/2024-72-0x000007FEF5EE0000-0x000007FEF620E000-memory.dmp

Filesize
3.2MB

Download
memory/2024-73-0x000007FEF5CC0000-0x000007FEF5ED6000-memory.dmp

Filesize
2.1MB

Download
memory/2024-74-0x000007FEEE750000-0x000007FEEEF9B000-memory.dmp

Filesize
8.3MB

Download
memory/2024-76-0x000007FEF67D0000-0x000007FEF6882000-memory.dmp

Filesize
712KB

Download
memory/2024-75-0x000007FEF3FF0000-0x000007FEF4ECC000-memory.dmp

Filesize
14.9MB

Download
memory/2024-77-0x000007FEF2A60000-0x000007FEF35BD000-memory.dmp

Filesize
11.4MB

Download
memory/2024-78-0x000007FEF63D0000-0x000007FEF64E8000-memory.dmp

Filesize
1.1MB

Download
memory/2024-79-0x000007FEF35C0000-0x000007FEF3FE3000-memory.dmp

Filesize
10.1MB

Download
memory/2024-80-0x000007FEFAEE0000-0x000007FEFAF49000-memory.dmp

Filesize
420KB

Download
memory/2024-81-0x000007FEF6720000-0x000007FEF67CA000-memory.dmp

Filesize
680KB

Download
memory/2024-82-0x000000000286B000-0x000000000288A000-memory.dmp

Filesize
124KB

Download
memory/2024-83-0x0000000002864000-0x0000000002867000-memory.dmp

Filesize
12KB

Download
memory/2024-84-0x000007FEF5CC0000-0x000007FEF5ED6000-memory.dmp

Filesize
2.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads