Analysis

  • max time kernel
    38s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/11/2022, 23:36

General

  • Target

    8c0bcd1d56c7501fe984772c324567e89e1f12f4d2339461b7dcc024a1dd01db.ps1

  • Size

    4KB

  • MD5

    9e0d1782f094e5f56009677689af8bbb

  • SHA1

    c5bad0ef4f06f98e961c6bddc19d85c69ca2abca

  • SHA256

    8c0bcd1d56c7501fe984772c324567e89e1f12f4d2339461b7dcc024a1dd01db

  • SHA512

    7c4c057d5c2cd9c478d4e06131381f685b0aaf954097e19e3df322e926f80ba37ac2a4eb9920cfd48c9fe079a9d412569ac0349295841fff586166fdcf770a61

  • SSDEEP

    96:15b03oAbpRLbIa6nSgjbIEFMbDrjQWSLl+XHeeSIME++Arl+G8pKm:15b05bpRLbIa6npjsEWbDnZ+e1MR+ARk

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\8c0bcd1d56c7501fe984772c324567e89e1f12f4d2339461b7dcc024a1dd01db.ps1
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1864

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1864-54-0x000007FEFBF01000-0x000007FEFBF03000-memory.dmp

    Filesize

    8KB

  • memory/1864-55-0x000007FEF3220000-0x000007FEF3C43000-memory.dmp

    Filesize

    10.1MB

  • memory/1864-56-0x000007FEF26C0000-0x000007FEF321D000-memory.dmp

    Filesize

    11.4MB

  • memory/1864-58-0x000000000297B000-0x000000000299A000-memory.dmp

    Filesize

    124KB

  • memory/1864-57-0x0000000002974000-0x0000000002977000-memory.dmp

    Filesize

    12KB

  • memory/1864-59-0x0000000002974000-0x0000000002977000-memory.dmp

    Filesize

    12KB

  • memory/1864-60-0x000000000297B000-0x000000000299A000-memory.dmp

    Filesize

    124KB