Analysis
max time kernel: 44s
max time network: 48s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 27-09-2022 08:42
Static task
static1
Behavioral task
behavioral1
Sample
a.ps1
Resource
win7-20220901-en
windows7-x64
3 signatures
300 seconds
Behavioral task
behavioral2
Sample
a.ps1
Resource
win10v2004-20220812-en
windows10-2004-x64
9 signatures
300 seconds
General
Target: a.ps1
Size: 567B
MD5: b3cd9511ce088df0735164e5f5e7761e
SHA1: 7ce808db75239f6931c3551d8ba96cc6d668967d
SHA256: 5f19a9226fad05ac74b065bf8691daf121a04c33469e712e684dc9162e67b2fb
SHA512: 30a023f496fcc2b43b0aba8ce113293cb902c17a1ab3f85848ecf66d35309faae3ba4d148efa4753ea75bb3fc97369db85235cec36de0017e132eadedfe20e7b
Score: 8/10
Malware Config
Signatures
Blocklisted process makes network request (2 IoCs)
Processes: powershell.exe
flow  pid   process
4     1056  powershell.exe
5     1056  powershell.exe
Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes: powershell.exe
pid   process
1056  powershell.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: powershell.exe
description              pid   process
Token: SeDebugPrivilege  1056  powershell.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads