Analysis
-
max time kernel
41s -
max time network
44s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
03-06-2022 12:15
General
-
Target
1127.ps1
-
Size
144KB
-
MD5
c81a105cc43cfc5cf1235ecd00f13ba2
-
SHA1
24fc2bb78929f8060894c6db3eb59f14bcfc6ccd
-
SHA256
aa165be74685672c97476ffb5f1536bcf23269db4bde4537206b49fd61805d97
-
SHA512
57641cab24cc922012a15ded50c977c6c3813ac5320a93883c33a4364073a1c410d9b3b6924d9f383d4262e244e3876d35624dd2435016820394bd005660d938
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\1127.ps11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2008-54-0x000007FEFBA41000-0x000007FEFBA43000-memory.dmpFilesize
8KB
-
memory/2008-55-0x000007FEF36C0000-0x000007FEF40E3000-memory.dmpFilesize
10.1MB
-
memory/2008-56-0x000007FEF2B60000-0x000007FEF36BD000-memory.dmpFilesize
11.4MB
-
memory/2008-57-0x000000001B790000-0x000000001BA8F000-memory.dmpFilesize
3.0MB
-
memory/2008-58-0x000007FEF40F0000-0x000007FEF4FCC000-memory.dmpFilesize
14.9MB
-
memory/2008-59-0x000007FEF36C0000-0x000007FEF40E3000-memory.dmpFilesize
10.1MB
-
memory/2008-60-0x000007FEFAC60000-0x000007FEFAD12000-memory.dmpFilesize
712KB
-
memory/2008-61-0x00000000025C4000-0x00000000025C7000-memory.dmpFilesize
12KB
-
memory/2008-62-0x000007FEF2B60000-0x000007FEF36BD000-memory.dmpFilesize
11.4MB
-
memory/2008-63-0x000007FEFAF70000-0x000007FEFAFD9000-memory.dmpFilesize
420KB
-
memory/2008-64-0x000007FEFAE20000-0x000007FEFAE52000-memory.dmpFilesize
200KB
-
memory/2008-65-0x000007FEF67F0000-0x000007FEF689A000-memory.dmpFilesize
680KB
-
memory/2008-66-0x000007FEF6700000-0x000007FEF67E5000-memory.dmpFilesize
916KB
-
memory/2008-67-0x000007FEF6430000-0x000007FEF6646000-memory.dmpFilesize
2.1MB
-
memory/2008-68-0x000007FEF5EC0000-0x000007FEF5FD8000-memory.dmpFilesize
1.1MB
-
memory/2008-69-0x000007FEFADE0000-0x000007FEFAE1E000-memory.dmpFilesize
248KB
-
memory/2008-70-0x000007FEF24B0000-0x000007FEF2B55000-memory.dmpFilesize
6.6MB
-
memory/2008-71-0x000007FEF5BC0000-0x000007FEF5D2C000-memory.dmpFilesize
1.4MB
-
memory/2008-72-0x000007FEF5A20000-0x000007FEF5BB5000-memory.dmpFilesize
1.6MB
-
memory/2008-73-0x000007FEF1C60000-0x000007FEF24AB000-memory.dmpFilesize
8.3MB
-
memory/2008-74-0x00000000025CB000-0x00000000025EA000-memory.dmpFilesize
124KB
-
memory/2008-75-0x000007FEF5FE0000-0x000007FEF630E000-memory.dmpFilesize
3.2MB
-
memory/2008-76-0x000007FEF40F0000-0x000007FEF4FCC000-memory.dmpFilesize
14.9MB
-
memory/2008-77-0x000007FEF36C0000-0x000007FEF40E3000-memory.dmpFilesize
10.1MB
-
memory/2008-78-0x000007FEFAC60000-0x000007FEFAD12000-memory.dmpFilesize
712KB
-
memory/2008-79-0x00000000025C4000-0x00000000025C7000-memory.dmpFilesize
12KB
-
memory/2008-80-0x000007FEF2B60000-0x000007FEF36BD000-memory.dmpFilesize
11.4MB
-
memory/2008-81-0x000007FEF6430000-0x000007FEF6646000-memory.dmpFilesize
2.1MB