Overview

overview

10

Static

static

10

7.32...nt.ps1

windows7-x64

1

7.32...nt.ps1

windows10-2004-x64

1

7.32...ew.ps1

windows7-x64

1

7.32...ew.ps1

windows10-2004-x64

1

7.32...up.ps1

windows7-x64

1

7.32...up.ps1

windows10-2004-x64

1

7.32...he.ps1

windows7-x64

1

7.32...he.ps1

windows10-2004-x64

1

7.32...tm.ps1

windows7-x64

1

7.32...tm.ps1

windows10-2004-x64

1

7.32...ge.ps1

windows7-x64

1

7.32...ge.ps1

windows10-2004-x64

1

7.32...og.ps1

windows7-x64

1

7.32...og.ps1

windows10-2004-x64

1

7.32...te.ps1

windows7-x64

1

7.32...te.ps1

windows10-2004-x64

1

7.32...lp.ps1

windows7-x64

1

7.32...lp.ps1

windows10-2004-x64

1

7.32...x.html

windows7-x64

1

7.32...x.html

windows10-2004-x64

1

7.32...ch.ps1

windows7-x64

1

7.32...ch.ps1

windows10-2004-x64

1

7.32...el.ps1

windows7-x64

1

7.32...el.ps1

windows10-2004-x64

1

7.32...et.ps1

windows7-x64

1

7.32...et.ps1

windows10-2004-x64

1

7.32...ce.ps1

windows7-x64

1

7.32...ce.ps1

windows10-2004-x64

1

7.32...ze.ps1

windows7-x64

1

7.32...ze.ps1

windows10-2004-x64

1

7.32...ck.ps1

windows7-x64

1

7.32...ck.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    43s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    28-10-2022 23:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7.32̨ֻģ/admin/optimize.ps1

  • Size

    9KB

  • MD5

    5989cfb1a66acc6837801d54b7ebf3dd

  • SHA1

    4f7f11103b39e51df041c6c5d3ec25e5b4e664fb

  • SHA256

    4a6756dc9c9ebba30e4bd80f867534e0710f0ee9a2e1c0a69ac90ea3664dfb87

  • SHA512

    305890d6447a41eb6fa3f6f7cf37b30556f3e54b8be8cac7d2e3175d0a05f19262a86bcc10dcb63bb5a18d85ca8e228049c4973865fbb9a06542f0522fdf0311

  • SSDEEP

    192:CnBctN3jWNtUMMuM7H/MlYCoss1rDENuIMNtxtkH/M9T3xnMe2bxYMfdk:wSNzQjAss5JlO1k

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\7.32̨ֻģ\admin\optimize.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1200-54-0x000007FEFC001000-0x000007FEFC003000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1200-55-0x000007FEF37E0000-0x000007FEF4203000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/1200-56-0x0000000002A34000-0x0000000002A37000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1200-57-0x000007FEF2C80000-0x000007FEF37DD000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/1200-58-0x0000000002A3B000-0x0000000002A5A000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1200-59-0x0000000002A34000-0x0000000002A37000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1200-60-0x0000000002A3B000-0x0000000002A5A000-memory.dmp

    Filesize

    124KB

    Download