Overview

overview

10

Static

static

AS.js

windows7-x64

10

AS.js

windows10-2004-x64

10

fix/impenitence.js

windows7-x64

3

fix/impenitence.js

windows10-2004-x64

7

fix/lists.ps1

windows7-x64

1

fix/lists.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    40s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29-11-2022 15:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fix/lists.ps1

  • Size

    378B

  • MD5

    fafafcce585920be78cb3684595bcc6e

  • SHA1

    3f42f4c6320ae4f38aae6c9e9f87e47ccc979bd0

  • SHA256

    e678af2cc55046caf992f96fbee8d316134ab77132349631c0723c2f8c631f30

  • SHA512

    1dd06abc2483d40e451c72d2dab6644c7866bd423a12e36e0aee655e73eb18693d987841cf9aea0df18a6ba74ac73664aae5667629e3cde95c1a8694a2892a8d

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\fix\lists.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:456
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\users\public\concoctionsInclosed.jpg DrawThemeIcon
      2⤵
        PID:628

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/456-54-0x000007FEFB8A1000-0x000007FEFB8A3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/456-55-0x000007FEF34D0000-0x000007FEF3EF3000-memory.dmp

      Filesize

      10.1MB

      Download

    • memory/456-57-0x0000000002574000-0x0000000002577000-memory.dmp

      Filesize

      12KB

      Download

    • memory/456-56-0x000007FEF2330000-0x000007FEF2E8D000-memory.dmp

      Filesize

      11.4MB

      Download

    • memory/456-58-0x000000001B830000-0x000000001BB2F000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/456-59-0x000000000257B000-0x000000000259A000-memory.dmp

      Filesize

      124KB

      Download

    • memory/456-61-0x0000000002574000-0x0000000002577000-memory.dmp

      Filesize

      12KB

      Download

    • memory/456-62-0x000000000257B000-0x000000000259A000-memory.dmp

      Filesize

      124KB

      Download

    • memory/628-60-0x0000000000000000-mapping.dmp

      Download