Overview

overview

10

Static

static

AS.js

windows7-x64

10

AS.js

windows10-2004-x64

10

fix/moccasins.ps1

windows7-x64

1

fix/moccasins.ps1

windows10-2004-x64

1

fix/ovation.js

windows7-x64

3

fix/ovation.js

windows10-2004-x64

7

Analysis

  • max time kernel
    35s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29-11-2022 15:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fix/moccasins.ps1

  • Size

    372B

  • MD5

    2d5dbd94e07d7e8ca003977989c61e56

  • SHA1

    0ab5782a444e94133f58a42b067b71c70b7d504b

  • SHA256

    f50a9816c39b9853a0177256772ac650fc9890767a945426b9fa72a6cd900ee7

  • SHA512

    13c75eaade88cc17d77e57dbb1ff41c16ab2bb15f3bc3fb03e604f739eb89d86df7af425aa19715419523790a1f756152629860a6106d6e24371b4ea2c329b56

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\fix\moccasins.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\users\public\cavortingEyed.jpg DrawThemeIcon
      2⤵
        PID:1544

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1544-60-0x0000000000000000-mapping.dmp
      Download
    • memory/2024-54-0x000007FEFC251000-0x000007FEFC253000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2024-55-0x000007FEF3EF0000-0x000007FEF4913000-memory.dmp
      Filesize

      10.1MB

      Download
    • memory/2024-57-0x0000000002684000-0x0000000002687000-memory.dmp
      Filesize

      12KB

      Download
    • memory/2024-56-0x000007FEF2CC0000-0x000007FEF381D000-memory.dmp
      Filesize

      11.4MB

      Download
    • memory/2024-58-0x000000001B700000-0x000000001B9FF000-memory.dmp
      Filesize

      3.0MB

      Download
    • memory/2024-59-0x000000000268B000-0x00000000026AA000-memory.dmp
      Filesize

      124KB

      Download
    • memory/2024-61-0x0000000002684000-0x0000000002687000-memory.dmp
      Filesize

      12KB

      Download
    • memory/2024-62-0x000000000268B000-0x00000000026AA000-memory.dmp
      Filesize

      124KB

      Download