Analysis
-
max time kernel
20s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
29-11-2022 13:22
General
-
Target
fix/unseaworthy.ps1
-
Size
376B
-
MD5
11c38dd47cefe941f8bf647a0d6b4779
-
SHA1
a3cb39493e852de7cd71dc8cb66e549f75c25a15
-
SHA256
4bbe2c643d69219c23f79fa56fb416b8fe4b10ebc9939f06b42c094229921b56
-
SHA512
fc9e735f5a01e6eb0b43c6f379f5c6ef7c0dee49ca4f77025fcebe74d5f1cd61046ad7d3feb0249c9f66398e07311c0d7627a73cf94e423098ff339db0172e46
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\fix\unseaworthy.ps11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\users\public\loanInnocuousness.jpg DrawThemeIcon2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/852-54-0x000007FEFBA21000-0x000007FEFBA23000-memory.dmpFilesize
8KB
-
memory/852-55-0x000007FEF36C0000-0x000007FEF40E3000-memory.dmpFilesize
10.1MB
-
memory/852-57-0x00000000024E4000-0x00000000024E7000-memory.dmpFilesize
12KB
-
memory/852-56-0x000007FEF2B60000-0x000007FEF36BD000-memory.dmpFilesize
11.4MB
-
memory/852-58-0x00000000024EB000-0x000000000250A000-memory.dmpFilesize
124KB
-
memory/852-60-0x00000000024E4000-0x00000000024E7000-memory.dmpFilesize
12KB
-
memory/852-61-0x00000000024EB000-0x000000000250A000-memory.dmpFilesize
124KB
-
memory/1176-59-0x0000000000000000-mapping.dmp