Analysis
-
max time kernel
90s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
17-06-2022 21:38
General
-
Target
f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4/Downloaded_files/TS_DiagnosticHistory.ps1
-
Size
2KB
-
MD5
6f42efe37f2f73bc4d5531a5906844c5
-
SHA1
6f8e508526af2f5a9ab618ebb26b140e8b2811b4
-
SHA256
00915c9baba87359a458d23e18f412647852a3260280a0d64af5e91307c01bce
-
SHA512
0a58aaa8451197dbb9cdc4a807fcbccb77b6f2fce18e973c9b6562eb3337356c45371b43fc4e07d3bd624769e3ed3af689cdfb388a9dd08333375acb5902de70
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\f5068e95e11b906cf33949376159ed87e03eb29e774029e84b8151c76d69ccf4\Downloaded_files\TS_DiagnosticHistory.ps11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3372-130-0x000001BFC59A0000-0x000001BFC59C2000-memory.dmpFilesize
136KB
-
memory/3372-131-0x00007FFB09C60000-0x00007FFB0A721000-memory.dmpFilesize
10.8MB
-
memory/3372-132-0x00007FFB09C60000-0x00007FFB0A721000-memory.dmpFilesize
10.8MB