Overview

overview

10

Static

static

AS.js

windows7-x64

10

AS.js

windows10-2004-x64

10

fix/detect.ps1

windows7-x64

1

fix/detect.ps1

windows10-2004-x64

1

fix/promoters.js

windows7-x64

3

fix/promoters.js

windows10-2004-x64

7

Analysis

  • max time kernel
    44s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    29-11-2022 05:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fix/detect.ps1

  • Size

    375B

  • MD5

    51d6d60ef6de8219522102e741ec642f

  • SHA1

    374db83b2741f02051ee3f399d89a73365970183

  • SHA256

    161e0b44a794c3310e5537db2123319f0bbc3c8b7281c9006e3211c719c67ab1

  • SHA512

    36118b88a8f3d4d4a8b461c72f3de51c7af84f90a98e8a04f2eff22511e766a80e53176be049088e279b1484d679f3c3a9b301767d9446499e40b92bf0d27309

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\fix\detect.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1816
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\users\public\daphniaTimbering.jpg DrawThemeIcon
      2⤵
        PID:1304

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1304-59-0x0000000000000000-mapping.dmp

      Download

    • memory/1816-54-0x000007FEFC001000-0x000007FEFC003000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1816-55-0x000007FEF37E0000-0x000007FEF4203000-memory.dmp

      Filesize

      10.1MB

      Download

    • memory/1816-56-0x000007FEF2C80000-0x000007FEF37DD000-memory.dmp

      Filesize

      11.4MB

      Download

    • memory/1816-57-0x0000000002604000-0x0000000002607000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1816-58-0x000000001B770000-0x000000001BA6F000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/1816-60-0x0000000002604000-0x0000000002607000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1816-61-0x000000000260B000-0x000000000262A000-memory.dmp

      Filesize

      124KB

      Download