d1567088ef227fa65659956d6a71f5af4c17ce52097b9b63074f3a21a6f61d71

Analysis

max time kernel
41s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
28-10-2022 23:55

Target

7.32̨ֻģ/admin/bakup.ps1
Size

5KB
MD5

eeef55864f4a7ad73941d91d1b74bc99
SHA1

03a32c174440360f07e84e9d7a8a647b52ccd053
SHA256

981492c24a80c21727db65b382bcabc5ef86e2d81133f561b688e900d1245693
SHA512

8a85c0bab88bc06f2d7cfd35e5ac6a9b0890d514accabeab0b6e842b067c20509de5b50accbcf51f0566e0dcd802e29c48c7ef1d6984916b4d8b110d74649ded
SSDEEP

96:Cv0WKxbzXUE83+LjViJf4KvZK9p0yBfzN5BdlBUMeP4yIGCctNEQT0VcOC5E4m0r:Cv0WKVKTJfDyBfpjBOwypTbm5SHqWzT1

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

powershell.exe

pid process

1352 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 1352 powershell.exe

pid	process
1352	powershell.exe

description	pid	process
Token: SeDebugPrivilege	1352	powershell.exe

memory/1352-54-0x000007FEFB5E1000-0x000007FEFB5E3000-memory.dmp

Filesize
8KB

Download
memory/1352-55-0x000007FEF3C50000-0x000007FEF4673000-memory.dmp

Filesize
10.1MB

Download
memory/1352-57-0x0000000001FB4000-0x0000000001FB7000-memory.dmp

Filesize
12KB

Download
memory/1352-56-0x000007FEF30F0000-0x000007FEF3C4D000-memory.dmp

Filesize
11.4MB

Download
memory/1352-58-0x0000000001FB4000-0x0000000001FB7000-memory.dmp

Filesize
12KB

Download
memory/1352-59-0x0000000001FBB000-0x0000000001FDA000-memory.dmp

Filesize
124KB

Download