Overview

overview

10

Static

static

1127.ps1

windows7_x64

1

1127.ps1

windows10-2004_x64

10

Scan_660.jpg.lnk

windows7_x64

3

Scan_660.jpg.lnk

windows10-2004_x64

10

Analysis

  • max time kernel
    41s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    03-06-2022 12:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1127.ps1

  • Size

    144KB

  • MD5

    c81a105cc43cfc5cf1235ecd00f13ba2

  • SHA1

    24fc2bb78929f8060894c6db3eb59f14bcfc6ccd

  • SHA256

    aa165be74685672c97476ffb5f1536bcf23269db4bde4537206b49fd61805d97

  • SHA512

    57641cab24cc922012a15ded50c977c6c3813ac5320a93883c33a4364073a1c410d9b3b6924d9f383d4262e244e3876d35624dd2435016820394bd005660d938

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\1127.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2008-54-0x000007FEFBA41000-0x000007FEFBA43000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2008-55-0x000007FEF36C0000-0x000007FEF40E3000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/2008-56-0x000007FEF2B60000-0x000007FEF36BD000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/2008-57-0x000000001B790000-0x000000001BA8F000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2008-58-0x000007FEF40F0000-0x000007FEF4FCC000-memory.dmp

    Filesize

    14.9MB

    Download

  • memory/2008-59-0x000007FEF36C0000-0x000007FEF40E3000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/2008-60-0x000007FEFAC60000-0x000007FEFAD12000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2008-61-0x00000000025C4000-0x00000000025C7000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2008-62-0x000007FEF2B60000-0x000007FEF36BD000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/2008-63-0x000007FEFAF70000-0x000007FEFAFD9000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2008-64-0x000007FEFAE20000-0x000007FEFAE52000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2008-65-0x000007FEF67F0000-0x000007FEF689A000-memory.dmp

    Filesize

    680KB

    Download

  • memory/2008-66-0x000007FEF6700000-0x000007FEF67E5000-memory.dmp

    Filesize

    916KB

    Download

  • memory/2008-67-0x000007FEF6430000-0x000007FEF6646000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2008-68-0x000007FEF5EC0000-0x000007FEF5FD8000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2008-69-0x000007FEFADE0000-0x000007FEFAE1E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2008-70-0x000007FEF24B0000-0x000007FEF2B55000-memory.dmp

    Filesize

    6.6MB

    Download

  • memory/2008-71-0x000007FEF5BC0000-0x000007FEF5D2C000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2008-72-0x000007FEF5A20000-0x000007FEF5BB5000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2008-73-0x000007FEF1C60000-0x000007FEF24AB000-memory.dmp

    Filesize

    8.3MB

    Download

  • memory/2008-74-0x00000000025CB000-0x00000000025EA000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2008-75-0x000007FEF5FE0000-0x000007FEF630E000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2008-76-0x000007FEF40F0000-0x000007FEF4FCC000-memory.dmp

    Filesize

    14.9MB

    Download

  • memory/2008-77-0x000007FEF36C0000-0x000007FEF40E3000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/2008-78-0x000007FEFAC60000-0x000007FEFAD12000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2008-79-0x00000000025C4000-0x00000000025C7000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2008-80-0x000007FEF2B60000-0x000007FEF36BD000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/2008-81-0x000007FEF6430000-0x000007FEF6646000-memory.dmp

    Filesize

    2.1MB

    Download