Resubmissions
07-06-2022 07:35
220607-jesrvscba4 10Analysis
- max time kernel: 136s
- max time network: 149s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 07-06-2022 07:35
Static task
static1
Behavioral task
behavioral1
Sample
download.ps1
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
download.ps1
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
- Target: download.ps1
- Size: 3KB
- MD5: 4f5f72a11fea6e60743efe1fc5259b93
- SHA1: c5e4b99e87841bf74531ba3df2d4150384098b80
- SHA256: d85f98d099a72c2b51b142e63916264f2a7051aeff04959214d91e69fcc1e590
- SHA512: 5c3f5c58fdc63a0d3672a402413e549a7af4c730bfec0847efd2043797d429d825338f6503436dacdfd077484f0dbcdc0a1691f4bf23c3740a6d8eec51bafd77
Score
1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  Processes: powershell.exe
  pid: 1792, process: powershell.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: powershell.exe
  description: Token: SeDebugPrivilege, pid: 1792, process: powershell.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/1792-54-0x000007FEFC041000-0x000007FEFC043000-memory.dmp (Filesize: 8KB)
- memory/1792-55-0x000007FEF4570000-0x000007FEF4F93000-memory.dmp (Filesize: 10.1MB)
- memory/1792-56-0x000007FEF3A10000-0x000007FEF456D000-memory.dmp (Filesize: 11.4MB)
- memory/1792-58-0x000000000294B000-0x000000000296A000-memory.dmp (Filesize: 124KB)
- memory/1792-57-0x0000000002944000-0x0000000002947000-memory.dmp (Filesize: 12KB)