Overview

overview

7

Static

static

bm114/index.html

windows7-x64

1

bm114/index.html

windows10-2004-x64

1

bm114/wwwr...x.html

windows7-x64

1

bm114/wwwr...x.html

windows10-2004-x64

1

bm114/wwwr...x.html

windows7-x64

1

bm114/wwwr...x.html

windows10-2004-x64

bm114/wwwr...x.html

windows7-x64

1

bm114/wwwr...x.html

windows10-2004-x64

1

bm114/wwwr...x.html

windows7-x64

1

bm114/wwwr...x.html

windows10-2004-x64

1

bm114/wwwr...hi.htm

windows7-x64

1

bm114/wwwr...hi.htm

windows10-2004-x64

1

bm114/wwwr...x.html

windows7-x64

1

bm114/wwwr...x.html

windows10-2004-x64

1

bm114/wwwr...x.html

windows7-x64

1

bm114/wwwr...x.html

windows10-2004-x64

1

bm114/wwwr...x.html

windows7-x64

1

bm114/wwwr...x.html

windows10-2004-x64

1

bm114/wwwr...x.html

windows7-x64

1

bm114/wwwr...x.html

windows10-2004-x64

1

bm114/wwwr...ai.htm

windows7-x64

1

bm114/wwwr...ai.htm

windows10-2004-x64

1

bm114/wwwr...x.html

windows7-x64

1

bm114/wwwr...x.html

windows10-2004-x64

1

bm114/wwwr...et.ps1

windows7-x64

1

bm114/wwwr...et.ps1

windows10-2004-x64

1

bm114/wwwr...1.html

windows7-x64

1

bm114/wwwr...1.html

windows10-2004-x64

1

bm114/wwwr...0.html

windows7-x64

1

bm114/wwwr...0.html

windows10-2004-x64

1

bm114/wwwr...1.html

windows7-x64

1

bm114/wwwr...1.html

windows10-2004-x64

1

Analysis

  • max time kernel
    294s
  • max time network
    355s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2022 07:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bm114/wwwroot/chengyu/checkpostandget.ps1

  • Size

    1KB

  • MD5

    721ba935d1296955ada99db5149976e4

  • SHA1

    6bed8c63c3cbb8a0773d100ff183a34358c48601

  • SHA256

    0791c1b2db77650241c723ac704edc4b9ff6dc55dff807bc379ffc5845560010

  • SHA512

    3e33c820f9a5d5b2795c98929952a919f1e69b93a5763350d4bf9e8e438cad22047a6824d977460762af185041551d6a76bea2a40d222bc8d4a153766a62a85a

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\bm114\wwwroot\chengyu\checkpostandget.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3656-132-0x0000017DA8C20000-0x0000017DA8C42000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3656-133-0x00007FFC57950000-0x00007FFC58411000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3656-134-0x00007FFC57950000-0x00007FFC58411000-memory.dmp

    Filesize

    10.8MB

    Download