Analysis
max time kernel
121s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted
03-12-2022 09:01
Static task
static1
Behavioral task
behavioral1
Sample
a.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
a.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
b.ps1
Resource
win7-20220901-en
Behavioral task
behavioral4
Sample
b.ps1
Resource
win10v2004-20220812-en
General
Target
b.ps1
Size
310KB
MD5
220e9238b05cb802d63f7d79d11b2a32
SHA1
77324ddee92b5ee1c2d50680ea15dd6e28ef402b
SHA256
248d8893d926c765d168bd48211650094dbcf8a8988c448f3b271c41bec8ca9d
SHA512
748f9149ceaa46789938d66a87dad5c92a9beea65a7c84c07fa42378fdee70b1340d777fcfc78efcd85254660fd4a858fe10bd83464564cde7b12c01ebbcdb7a
SSDEEP
6144:bgkc0c/OjocmHEk4Oz7XzoUdd9qkcM1E1nvwmtPEeJDCiRO9jEYMJD:bgkc0c/OjocmH5XXEUdd97t2Vvwm1Ee3
Malware Config
Signatures
Blocklisted process makes network request 5 IoCs
Processes:
flow  pid   process
22    1200  powershell.exe
42    1200  powershell.exe
45    1200  powershell.exe
50    1200  powershell.exe
52    1200  powershell.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
pid   process
1200  powershell.exe
1200  powershell.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
description              pid   process
Token: SeDebugPrivilege  1200  powershell.exe
Token: SeDebugPrivilege  1200  powershell.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1200-132-0x000001F9376C0000-0x000001F9376E2000-memory.dmp
Filesize
136KB
memory/1200-133-0x00007FFFEE480000-0x00007FFFEEF41000-memory.dmp
Filesize
10.8MB
memory/1200-135-0x000001F91D6DA000-0x000001F91D6DF000-memory.dmp
Filesize
20KB
memory/1200-134-0x000001F9378F0000-0x000001F937905000-memory.dmp
Filesize
84KB
memory/1200-136-0x00007FFFEE480000-0x00007FFFEEF41000-memory.dmp
Filesize
10.8MB