cadc4b5d3da925f221cfb090fea16485be53f6e070d2181886380b10f082830a

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 08:23

Target

fix/catechism.ps1
Size

374B
MD5

bf2437ef024bd621ba8e748186588e3a
SHA1

ba5d13ad4ff7826da49eb5af902d5654c9f7853d
SHA256

cb1e267954a684aa76d838aa4ff80235feb94fb7bb70116cd2d400a2fb8072e3
SHA512

3a81841d66e877baa7142b3548aa73b30befc3432150db912c0288fbaa87c1a00411c302e6cd5129735d1bceb3a3635bce4b34f7191a8a587928127e093069ef

Score

1^/10

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

powershell.exe

pid process

1264 powershell.exe
1264 powershell.exe
1264 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 1264 powershell.exe

description	pid	process
Token: SeDebugPrivilege	1264	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

powershell.exe

description	pid	process	target process
PID 1264 wrote to memory of 976	1264	powershell.exe	rundll32.exe
PID 1264 wrote to memory of 976	1264	powershell.exe	rundll32.exe
PID 1264 wrote to memory of 976	1264	powershell.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\users\public\umlautsCapsized.jpg DrawThemeIcon
2⤵
PID:976

memory/976-60-0x0000000000000000-mapping.dmp

Download
memory/1264-54-0x000007FEFC581000-0x000007FEFC583000-memory.dmp

Filesize
8KB

Download
memory/1264-55-0x000007FEF4A00000-0x000007FEF5423000-memory.dmp

Filesize
10.1MB

Download
memory/1264-57-0x0000000002544000-0x0000000002547000-memory.dmp

Filesize
12KB

Download
memory/1264-56-0x000007FEF3EA0000-0x000007FEF49FD000-memory.dmp

Filesize
11.4MB

Download
memory/1264-58-0x000000001B720000-0x000000001BA1F000-memory.dmp

Filesize
3.0MB

Download
memory/1264-59-0x000000000254B000-0x000000000256A000-memory.dmp

Filesize
124KB

Download
memory/1264-61-0x0000000002544000-0x0000000002547000-memory.dmp

Filesize
12KB

Download
memory/1264-62-0x000000000254B000-0x000000000256A000-memory.dmp

Filesize
124KB

Download