Overview

overview

8

Static

static

file.ps1

windows7-x64

8

file.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    34s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 15:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.ps1

  • Size

    1.2MB

  • MD5

    39c89fcd43f161fc2bd89934ba9fb68c

  • SHA1

    53b2d7da838b45a603afc354311cb6258ebb662c

  • SHA256

    b749589b7ca4bfa58f72a8a1dec78cb6aef75ba0d8f274d690c81cd18e3c8818

  • SHA512

    c1618ed1d2f5d79bcc7cd2338f9ab95253fd7519e3da3b24ab459de79087ab1762bf612405304488c70bfc35d142f27fb0dc235867e5039b7f08926d14762708

  • SSDEEP

    24576:DoGlJDRp9SeSw/032/315KkAp86jVVf3c0ceCtrOMN:DLvxSelPlnrvBbN

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\file.ps1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/820-54-0x000007FEFBF01000-0x000007FEFBF03000-memory.dmp

    Filesize

    8KB

    Download

  • memory/820-55-0x000007FEF3B30000-0x000007FEF4553000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/820-57-0x0000000002574000-0x0000000002577000-memory.dmp

    Filesize

    12KB

    Download

  • memory/820-56-0x000007FEF2FD0000-0x000007FEF3B2D000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/820-58-0x000000000257B000-0x000000000259A000-memory.dmp

    Filesize

    124KB

    Download

  • memory/820-59-0x00000000028D0000-0x0000000002917000-memory.dmp

    Filesize

    284KB

    Download

  • memory/820-60-0x0000000002574000-0x0000000002577000-memory.dmp

    Filesize

    12KB

    Download

  • memory/820-61-0x000000000257B000-0x000000000259A000-memory.dmp

    Filesize

    124KB

    Download

  • memory/820-62-0x00000000028D0000-0x0000000002917000-memory.dmp

    Filesize

    284KB

    Download