Analysis
-
max time kernel
43s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
23-11-2022 15:48
General
-
Target
8f5233d34d2dca60d28b9baead48049ac8f5dec1fa066671d069a94c78a2f9f8.ps1
-
Size
63KB
-
MD5
4e277952ef3ee77435b960cf94a73d3e
-
SHA1
4d8fd8e10edbe95ae77f7f6c497aa27d10625482
-
SHA256
8f5233d34d2dca60d28b9baead48049ac8f5dec1fa066671d069a94c78a2f9f8
-
SHA512
35c0961fce1455a276a62dc3fb670f79f9797d101cceb6f510ce51882b4bade639d4b155e0e5dc5413b3efb8e66753455343d73ff2b49f0670865353f636a96e
-
SSDEEP
768:5SHKV25WuCKW5OK5uaZ3bugaPB7Sj8EnsJN9AaC3sDpS3FX92pNZM:YHKI5WuCKW5OK5u6LuA1i9XP8B8pNu
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\8f5233d34d2dca60d28b9baead48049ac8f5dec1fa066671d069a94c78a2f9f8.ps11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1652-54-0x000007FEFBB81000-0x000007FEFBB83000-memory.dmpFilesize
8KB
-
memory/1652-55-0x000007FEF3EF0000-0x000007FEF4913000-memory.dmpFilesize
10.1MB
-
memory/1652-57-0x0000000002514000-0x0000000002517000-memory.dmpFilesize
12KB
-
memory/1652-56-0x000007FEF3390000-0x000007FEF3EED000-memory.dmpFilesize
11.4MB
-
memory/1652-58-0x0000000002514000-0x0000000002517000-memory.dmpFilesize
12KB
-
memory/1652-59-0x000000000251B000-0x000000000253A000-memory.dmpFilesize
124KB