Overview

overview

10

Static

static

10

f120d685d3...08.ps1

windows7-x64

1

f120d685d3...08.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    39s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2022, 15:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f120d685d330182fd55233e36822fdd64f79fd8029934f550e6a0d956a5aaf08.ps1

  • Size

    317KB

  • MD5

    6a806d614dba55b2d846da726500a30a

  • SHA1

    175ac20b4c5dd670990aa777d2d8c09efd7cda78

  • SHA256

    f120d685d330182fd55233e36822fdd64f79fd8029934f550e6a0d956a5aaf08

  • SHA512

    829422d5b241642534c654e7c728bb9f9127dbadd14de843fb2a65b6f54dd911b631339612b256d2bd2d8cc4befb2ca71ab05222e53a93acf6a9d3662b2ae000

  • SSDEEP

    3072:F/gd+iBRIri+L7902tl1TT+3rjHH6ZIz/3w8Qp:wRIW+Lp023orjHHQE/3w8i

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\f120d685d330182fd55233e36822fdd64f79fd8029934f550e6a0d956a5aaf08.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1664-54-0x000007FEFB591000-0x000007FEFB593000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1664-55-0x000007FEF31A0000-0x000007FEF3BC3000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/1664-56-0x000007FEF2640000-0x000007FEF319D000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/1664-57-0x000000001B8C0000-0x000000001BBBF000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1664-58-0x0000000002854000-0x0000000002857000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1664-59-0x000000000285B000-0x000000000287A000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1664-60-0x0000000002854000-0x0000000002857000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1664-61-0x000000000285B000-0x000000000287A000-memory.dmp

    Filesize

    124KB

    Download