Analysis
-
max time kernel
10s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
23-11-2022 15:49
General
-
Target
ae1b016e7d8fc9e4e855694407ddff342268cb9dfa51968ba412d2604bd36f51.ps1
-
Size
162KB
-
MD5
d9dfc4a618ae9369356b8e341c30f301
-
SHA1
c1d899a36953bd8b236226981ef6c945fa308d8f
-
SHA256
ae1b016e7d8fc9e4e855694407ddff342268cb9dfa51968ba412d2604bd36f51
-
SHA512
2b2ad786f56ad13dd625efa9d4780a4446b79b05a3fa09cac33fb458c4f6d08173d06edc644b164f418c677e659e8454296292a422dcbe2ced026b1ce73fdd2a
-
SSDEEP
3072:7x1qKoVwcNyg1d/iGbkYdMH4qDZLFh7C8We8Y937a:7x1qKfcNB1d/iGbkYdMH4qDZLFh7C8WP
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\ae1b016e7d8fc9e4e855694407ddff342268cb9dfa51968ba412d2604bd36f51.ps11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1780-54-0x000007FEFB5D1000-0x000007FEFB5D3000-memory.dmpFilesize
8KB
-
memory/1780-55-0x000007FEF35B0000-0x000007FEF3FD3000-memory.dmpFilesize
10.1MB
-
memory/1780-56-0x000007FEF2A50000-0x000007FEF35AD000-memory.dmpFilesize
11.4MB
-
memory/1780-57-0x00000000026D4000-0x00000000026D7000-memory.dmpFilesize
12KB
-
memory/1780-58-0x00000000026D4000-0x00000000026D7000-memory.dmpFilesize
12KB
-
memory/1780-59-0x00000000026DB000-0x00000000026FA000-memory.dmpFilesize
124KB