Overview

overview

1

Static

static

FlaktGroup...rt.ps1

windows7-x64

1

FlaktGroup...rt.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    44s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    18/10/2022, 15:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    FlaktGroup_VPN_Crayon_support.ps1

  • Size

    1KB

  • MD5

    19d50f0efb71e301b110111d717abf43

  • SHA1

    88b1ecf92229acebf87723b6828f4a9fec5ee046

  • SHA256

    4c727d3ef82442c0f5a841f3668bbd7670391856da904087ec20601b91a80a9f

  • SHA512

    048ec6c0232f7e7222c4174239bdefc84e7d88f022eb368ba2a238a6c86068d9b158d1eb33f1231b88920b6c680abb7c54eedeb2c05ba405a488139b05d32d3c

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\FlaktGroup_VPN_Crayon_support.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2016
  • C:\Windows\system32\rasphone.exe
    "C:\Windows\system32\rasphone.exe" -d "FlaktGroup VPN"
    1⤵
      PID:1472

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2016-54-0x000007FEFC2F1000-0x000007FEFC2F3000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2016-55-0x000007FEF48A0000-0x000007FEF52C3000-memory.dmp

            Filesize

            10.1MB

            Download

          • memory/2016-56-0x000007FEF3D40000-0x000007FEF489D000-memory.dmp

            Filesize

            11.4MB

            Download

          • memory/2016-57-0x0000000002374000-0x0000000002377000-memory.dmp

            Filesize

            12KB

            Download

          • memory/2016-58-0x000000000237B000-0x000000000239A000-memory.dmp

            Filesize

            124KB

            Download

          • memory/2016-59-0x0000000002374000-0x0000000002377000-memory.dmp

            Filesize

            12KB

            Download

          • memory/2016-60-0x000000000237B000-0x000000000239A000-memory.dmp

            Filesize

            124KB

            Download