Overview

overview

10

Static

static

1236.ps1

windows7_x64

1

1236.ps1

windows10-2004_x64

10

Analysis

  • max time kernel
    43s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    03-06-2022 13:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1236.ps1

  • Size

    177KB

  • MD5

    0336381c76595f013baed58abebec38c

  • SHA1

    46b35dc1fe0eca4dc45b35db87d5f6220456df17

  • SHA256

    90f7051bb59f9ee7dbfee8a1fc9882dbba383fbe1e647eff0466830d2ce71ce2

  • SHA512

    d6a3c890d9d6981b8b001b747b1b9b319a4d34e293eaf4d8a9f10b16b5a2af0d94c01fff3b532aa90200561957d2386f89c32eafed4613dda005bc2a6923c7f6

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\1236.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1688-54-0x000007FEFC511000-0x000007FEFC513000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1688-55-0x000007FEF3F80000-0x000007FEF49A3000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/1688-56-0x000007FEF3420000-0x000007FEF3F7D000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/1688-57-0x000007FEF49B0000-0x000007FEF588C000-memory.dmp

    Filesize

    14.9MB

    Download

  • memory/1688-58-0x000007FEF3F80000-0x000007FEF49A3000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/1688-59-0x000007FEF71A0000-0x000007FEF7252000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1688-60-0x0000000002724000-0x0000000002727000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-61-0x000007FEF3420000-0x000007FEF3F7D000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/1688-62-0x000007FEFB4F0000-0x000007FEFB559000-memory.dmp

    Filesize

    420KB

    Download

  • memory/1688-63-0x000007FEFB3E0000-0x000007FEFB412000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1688-64-0x000007FEF70F0000-0x000007FEF719A000-memory.dmp

    Filesize

    680KB

    Download

  • memory/1688-65-0x000007FEF6E90000-0x000007FEF6F75000-memory.dmp

    Filesize

    916KB

    Download

  • memory/1688-66-0x000007FEF6680000-0x000007FEF6896000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1688-67-0x000007FEF6D70000-0x000007FEF6E88000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1688-68-0x000007FEFB170000-0x000007FEFB1AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1688-69-0x000007FEEFB50000-0x000007FEF01F5000-memory.dmp

    Filesize

    6.6MB

    Download

  • memory/1688-70-0x000007FEF6380000-0x000007FEF64EC000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1688-71-0x000007FEF3280000-0x000007FEF3415000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1688-72-0x000007FEEF300000-0x000007FEEFB4B000-memory.dmp

    Filesize

    8.3MB

    Download

  • memory/1688-73-0x000000000272B000-0x000000000274A000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1688-74-0x000007FEF68A0000-0x000007FEF6BCE000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/1688-75-0x000007FEF49B0000-0x000007FEF588C000-memory.dmp

    Filesize

    14.9MB

    Download

  • memory/1688-76-0x000007FEF3F80000-0x000007FEF49A3000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/1688-77-0x0000000002724000-0x0000000002727000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-78-0x000007FEF3420000-0x000007FEF3F7D000-memory.dmp

    Filesize

    11.4MB

    Download