Analysis
-
max time kernel
145s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
24-11-2022 15:47
General
-
Target
run.ps1
-
Size
116B
-
MD5
a7ace018fd3f518bc419f7e211609e01
-
SHA1
deaed741f50f27d7a60a34b83cef84f905e0569f
-
SHA256
01fda517b82e9a91c0269977ce1bf177850811b2861b399d2fb4a5e45095cfc6
-
SHA512
7920e3c2fd54f821b44b778512bd031cfb2ffddd5ba36f89f0b04650ad610eb6ff0cf506111bc81328ca0746f3472506649fe9d48b1c26401cdd771f423c7b51
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\run.ps11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\RUNDLL32.EXE"C:\Windows\System32\RUNDLL32.EXE" C:\Users\Admin\AppData\Local\Temp\x.dll,s2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\System32\RUNDLL32.EXE" C:\Users\Admin\AppData\Local\Temp\x.dll,s3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
-
-
Filesize
136KB
-
Filesize
10.8MB