Analysis

  • max time kernel
    4s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-11-2022 18:07

General

  • Target

    ez.ps1

  • Size

    424KB

  • MD5

    79e5aa477b91037f411652199fec4b47

  • SHA1

    4d68ed5dd420f2ac0a8b3a1f0f5ec33f2c605bf3

  • SHA256

    cb94129961f8d8a26ce13e84d199ea1733057adea3c0754abcf7310fa03443d4

  • SHA512

    d4dd01b5935d210437d33b4a01417dd05328eb4999e0ea325ac4bced2fc63ee2679f67979bff76cb790f3d8a21604edc4d83caf13b65f5448026198a78cbee21

  • SSDEEP

    6144:omGppOv8jvOtF7GryCNV81Q7NA4S6DCICQupftzJgEReLxqs2tZ4+:omE2c2tF7XCXRNNJfyftzJgyelqsH+

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\ez.ps1
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2036

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2036-54-0x000007FEFC2E1000-0x000007FEFC2E3000-memory.dmp

    Filesize

    8KB

  • memory/2036-55-0x000007FEF3F60000-0x000007FEF4983000-memory.dmp

    Filesize

    10.1MB

  • memory/2036-56-0x00000000023A4000-0x00000000023A7000-memory.dmp

    Filesize

    12KB

  • memory/2036-57-0x000007FEF3400000-0x000007FEF3F5D000-memory.dmp

    Filesize

    11.4MB

  • memory/2036-58-0x00000000023A4000-0x00000000023A7000-memory.dmp

    Filesize

    12KB

  • memory/2036-59-0x00000000023AB000-0x00000000023CA000-memory.dmp

    Filesize

    124KB