Overview

overview

7

Static

static

d5c006dcc8...9d.ps1

windows10-1703-x64

7

d5c006dcc8...9d.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    369s
  • max time network
    432s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    07/10/2022, 19:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d5c006dcc8066e3eb01e3bbd738b606419f55bbaa0bbd3348081056098ee4f9d.ps1

  • Size

    242KB

  • MD5

    06c2608d4c08ec704a1f7a13fec9819f

  • SHA1

    a6f2ba8e19a9b23b11c49912426282617fd930d1

  • SHA256

    d5c006dcc8066e3eb01e3bbd738b606419f55bbaa0bbd3348081056098ee4f9d

  • SHA512

    aab54df11dd3dd73e98954a90b83aba4f641904feedc1b4f97875f0be98d7f7b048e1fab232fc8602a73913974267954b9b99b3444b10001e9a5d8303d6279cf

  • SSDEEP

    3072:9NPsJuKZc9r9mJ1oVqovH5cnvUqY96uBevyyX+Ik6MCSTgfgD5:vsFZ0m8oaH5cnvUt6uBevID5

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\d5c006dcc8066e3eb01e3bbd738b606419f55bbaa0bbd3348081056098ee4f9d.ps1
    1⤵
    • Deletes itself
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/388-124-0x000001D554A70000-0x000001D554A92000-memory.dmp

    Filesize

    136KB

    Download

  • memory/388-127-0x000001D56D220000-0x000001D56D296000-memory.dmp

    Filesize

    472KB

    Download