Analysis

  • max time kernel
    46s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    24-06-2022 03:13

General

  • Target

    8d9190d9e5229b82ab2cc33eccf7fe6c74a269a2daf5c567991772266dfca943.ps1

  • Size

    1KB

  • MD5

    673245272e3ba5c5ffab2ffa7d3c2c62

  • SHA1

    666e9cb885dc8e0ddf1e1cd43dd34b9cd6df4591

  • SHA256

    8d9190d9e5229b82ab2cc33eccf7fe6c74a269a2daf5c567991772266dfca943

  • SHA512

    6c5876b5bb21e151e0ffb3d961b39b194a3424e8be120bb8d84c3aa0ac10c07e77b23d6b63b269c5b196ee135d5d1226819b818bcb6db086f84cb3fbfcc0ca3c

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\8d9190d9e5229b82ab2cc33eccf7fe6c74a269a2daf5c567991772266dfca943.ps1
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1672

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1672-54-0x000007FEFBED1000-0x000007FEFBED3000-memory.dmp
    Filesize

    8KB

  • memory/1672-55-0x000007FEF3940000-0x000007FEF4363000-memory.dmp
    Filesize

    10.1MB

  • memory/1672-56-0x000007FEF2DE0000-0x000007FEF393D000-memory.dmp
    Filesize

    11.4MB

  • memory/1672-57-0x0000000002524000-0x0000000002527000-memory.dmp
    Filesize

    12KB

  • memory/1672-58-0x000000000252B000-0x000000000254A000-memory.dmp
    Filesize

    124KB

  • memory/1672-59-0x0000000002524000-0x0000000002527000-memory.dmp
    Filesize

    12KB

  • memory/1672-60-0x000000000252B000-0x000000000254A000-memory.dmp
    Filesize

    124KB