Overview

overview

10

Static

static

10

7.32...nt.ps1

windows7-x64

1

7.32...nt.ps1

windows10-2004-x64

1

7.32...ew.ps1

windows7-x64

1

7.32...ew.ps1

windows10-2004-x64

1

7.32...up.ps1

windows7-x64

1

7.32...up.ps1

windows10-2004-x64

1

7.32...he.ps1

windows7-x64

1

7.32...he.ps1

windows10-2004-x64

1

7.32...tm.ps1

windows7-x64

1

7.32...tm.ps1

windows10-2004-x64

1

7.32...ge.ps1

windows7-x64

1

7.32...ge.ps1

windows10-2004-x64

1

7.32...og.ps1

windows7-x64

1

7.32...og.ps1

windows10-2004-x64

1

7.32...te.ps1

windows7-x64

1

7.32...te.ps1

windows10-2004-x64

1

7.32...lp.ps1

windows7-x64

1

7.32...lp.ps1

windows10-2004-x64

1

7.32...x.html

windows7-x64

1

7.32...x.html

windows10-2004-x64

1

7.32...ch.ps1

windows7-x64

1

7.32...ch.ps1

windows10-2004-x64

1

7.32...el.ps1

windows7-x64

1

7.32...el.ps1

windows10-2004-x64

1

7.32...et.ps1

windows7-x64

1

7.32...et.ps1

windows10-2004-x64

1

7.32...ce.ps1

windows7-x64

1

7.32...ce.ps1

windows10-2004-x64

1

7.32...ze.ps1

windows7-x64

1

7.32...ze.ps1

windows10-2004-x64

1

7.32...ck.ps1

windows7-x64

1

7.32...ck.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    22s
  • max time network
    41s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-10-2022 23:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7.32̨ֻģ/admin/bakup.ps1

  • Size

    5KB

  • MD5

    eeef55864f4a7ad73941d91d1b74bc99

  • SHA1

    03a32c174440360f07e84e9d7a8a647b52ccd053

  • SHA256

    981492c24a80c21727db65b382bcabc5ef86e2d81133f561b688e900d1245693

  • SHA512

    8a85c0bab88bc06f2d7cfd35e5ac6a9b0890d514accabeab0b6e842b067c20509de5b50accbcf51f0566e0dcd802e29c48c7ef1d6984916b4d8b110d74649ded

  • SSDEEP

    96:Cv0WKxbzXUE83+LjViJf4KvZK9p0yBfzN5BdlBUMeP4yIGCctNEQT0VcOC5E4m0r:Cv0WKVKTJfDyBfpjBOwypTbm5SHqWzT1

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\7.32̨ֻģ\admin\bakup.ps1
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4920-132-0x000001D327DC0000-0x000001D327DE2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4920-133-0x00007FFDCF2E0000-0x00007FFDCFDA1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4920-134-0x00007FFDCF2E0000-0x00007FFDCFDA1000-memory.dmp

    Filesize

    10.8MB

    Download