Analysis
max time kernel: 4s
max time network: 32s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 25-11-2022 18:07
Static task: static1
Behavioral task: behavioral1
Sample: ez.ps1
Resource: win7-20221111-en (windows7-x64)
2 signatures, 150 seconds
Behavioral task: behavioral2
Sample: ez.ps1
Resource: win10v2004-20220812-en (windows10-2004-x64)
12 signatures, 150 seconds
General
Target: ez.ps1
Size: 424KB
MD5: 79e5aa477b91037f411652199fec4b47
SHA1: 4d68ed5dd420f2ac0a8b3a1f0f5ec33f2c605bf3
SHA256: cb94129961f8d8a26ce13e84d199ea1733057adea3c0754abcf7310fa03443d4
SHA512: d4dd01b5935d210437d33b4a01417dd05328eb4999e0ea325ac4bced2fc63ee2679f67979bff76cb790f3d8a21604edc4d83caf13b65f5448026198a78cbee21
SSDEEP: 6144:omGppOv8jvOtF7GryCNV81Q7NA4S6DCICQupftzJgEReLxqs2tZ4+:omE2c2tF7XCXRNNJfyftzJgyelqsH+
Score: 1/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes: powershell.exe
pid   process
2036  powershell.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: powershell.exe
description              pid   process
Token: SeDebugPrivilege  2036  powershell.exe