Overview

overview

8

Static

static

f774d791-8...d7.ps1

windows7_x64

8

f774d791-8...d7.ps1

windows10-2004_x64

8

Analysis

  • max time kernel
    280s
  • max time network
    283s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    23-06-2022 14:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f774d791-8b89-4228-932c-3b82c2e6c3d7.ps1

  • Size

    849KB

  • MD5

    361c2421e80a2cc8f6bbbb9eb114b323

  • SHA1

    868d94a521a5d819a473b7b61bbeb89f52f20440

  • SHA256

    5a6b3d721e7a2d977e98f217c1de129608515b310560eb28968b0330aaafe45d

  • SHA512

    4bff143ced5683214db88476e3050703d64f86d4fefa312f648f4b6e285f598037da68f39c2aec23c5a3c6ff7c093964e6802a600373d3818bf6b742ab2d0719

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\f774d791-8b89-4228-932c-3b82c2e6c3d7.ps1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1424-130-0x000002069C550000-0x000002069C572000-memory.dmp
    Filesize

    136KB

    Download
  • memory/1424-131-0x00007FFB00220000-0x00007FFB00CE1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/1424-132-0x00007FFB00220000-0x00007FFB00CE1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/1424-133-0x000002069D770000-0x000002069D7B0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1424-134-0x000002069D770000-0x000002069D7B0000-memory.dmp
    Filesize

    256KB

    Download