Analysis
max time kernel: 147s
max time network: 172s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-11-2022 15:49
Static task: static1
Behavioral task: behavioral1
  Sample: ae1b016e7d8fc9e4e855694407ddff342268cb9dfa51968ba412d2604bd36f51.ps1
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: ae1b016e7d8fc9e4e855694407ddff342268cb9dfa51968ba412d2604bd36f51.ps1
  Resource: win10v2004-20221111-en
General
Target: ae1b016e7d8fc9e4e855694407ddff342268cb9dfa51968ba412d2604bd36f51.ps1
Size: 162KB
MD5: d9dfc4a618ae9369356b8e341c30f301
SHA1: c1d899a36953bd8b236226981ef6c945fa308d8f
SHA256: ae1b016e7d8fc9e4e855694407ddff342268cb9dfa51968ba412d2604bd36f51
SHA512: 2b2ad786f56ad13dd625efa9d4780a4446b79b05a3fa09cac33fb458c4f6d08173d06edc644b164f418c677e659e8454296292a422dcbe2ced026b1ce73fdd2a
SSDEEP: 3072:7x1qKoVwcNyg1d/iGbkYdMH4qDZLFh7C8We8Y937a:7x1qKfcNB1d/iGbkYdMH4qDZLFh7C8WP
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes:
    pid  process
    448  powershell.exe
    448  powershell.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes:
    description              pid  process
    Token: SeDebugPrivilege  448  powershell.exe
Processes
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  Command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\ae1b016e7d8fc9e4e855694407ddff342268cb9dfa51968ba412d2604bd36f51.ps1
  PID: 448
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken