Overview

overview

10

Static

static

10

download.ps1

windows7_x64

1

download.ps1

windows10-2004_x64

1

Resubmissions

07-06-2022 07:35

220607-jesrvscba4 10

Analysis

  • max time kernel
    136s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    07-06-2022 07:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    download.ps1

  • Size

    3KB

  • MD5

    4f5f72a11fea6e60743efe1fc5259b93

  • SHA1

    c5e4b99e87841bf74531ba3df2d4150384098b80

  • SHA256

    d85f98d099a72c2b51b142e63916264f2a7051aeff04959214d91e69fcc1e590

  • SHA512

    5c3f5c58fdc63a0d3672a402413e549a7af4c730bfec0847efd2043797d429d825338f6503436dacdfd077484f0dbcdc0a1691f4bf23c3740a6d8eec51bafd77

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\download.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1792-54-0x000007FEFC041000-0x000007FEFC043000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1792-55-0x000007FEF4570000-0x000007FEF4F93000-memory.dmp
    Filesize

    10.1MB

    Download
  • memory/1792-56-0x000007FEF3A10000-0x000007FEF456D000-memory.dmp
    Filesize

    11.4MB

    Download
  • memory/1792-58-0x000000000294B000-0x000000000296A000-memory.dmp
    Filesize

    124KB

    Download
  • memory/1792-57-0x0000000002944000-0x0000000002947000-memory.dmp
    Filesize

    12KB

    Download