Overview

overview

1

Static

static

08a5c4c182...f0.ps1

windows7-x64

1

08a5c4c182...f0.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    189s
  • max time network
    193s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/11/2022, 23:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    08a5c4c1828a0a86daf715dbacfd46766a559fc1be03b1a47424f4eec5c540f0.ps1

  • Size

    1KB

  • MD5

    1d4d1f7f5d687c5b2bc445c1b0f9536a

  • SHA1

    e105fdfaca328226c2ee1ddb1f19bf3b544c85aa

  • SHA256

    08a5c4c1828a0a86daf715dbacfd46766a559fc1be03b1a47424f4eec5c540f0

  • SHA512

    62b004be967791f6c5850ffa16a597e0f19aea0c76dee5775cb56ff24b90e9c9c179c3b8011c266357882c15fe51d448db8d00cc04cbcfd332dbeb7c4fa43e8a

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\08a5c4c1828a0a86daf715dbacfd46766a559fc1be03b1a47424f4eec5c540f0.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4120

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4120-132-0x0000019C6C520000-0x0000019C6C542000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4120-133-0x00007FF8CE940000-0x00007FF8CF401000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4120-134-0x00007FF8CE940000-0x00007FF8CF401000-memory.dmp

          Filesize

          10.8MB

          Download