Analysis

  • max time kernel: 151s
  • max time network: 154s
  • platform: windows10-2004_x64
  • resource: win10v2004-20220812-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 03-12-2022 10:51

General

  • Target: b.ps1
  • Size: 310KB
  • MD5: 220e9238b05cb802d63f7d79d11b2a32
  • SHA1: 77324ddee92b5ee1c2d50680ea15dd6e28ef402b
  • SHA256: 248d8893d926c765d168bd48211650094dbcf8a8988c448f3b271c41bec8ca9d
  • SHA512: 748f9149ceaa46789938d66a87dad5c92a9beea65a7c84c07fa42378fdee70b1340d777fcfc78efcd85254660fd4a858fe10bd83464564cde7b12c01ebbcdb7a
  • SSDEEP: 6144:bgkc0c/OjocmHEk4Oz7XzoUdd9qkcM1E1nvwmtPEeJDCiRO9jEYMJD:bgkc0c/OjocmH5XXEUdd97t2Vvwm1Ee3

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\b.ps1
    PID: 1000
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1000-132-0x0000022A90540000-0x0000022A90562000-memory.dmp (Filesize: 136KB)
  • memory/1000-133-0x00007FFDF4740000-0x00007FFDF5201000-memory.dmp (Filesize: 10.8MB)
  • memory/1000-134-0x00007FFDF4740000-0x00007FFDF5201000-memory.dmp (Filesize: 10.8MB)
  • memory/1000-135-0x0000022AA89E0000-0x0000022AA89F5000-memory.dmp (Filesize: 84KB)
  • memory/1000-136-0x0000022AA8A4A000-0x0000022AA8A4F000-memory.dmp (Filesize: 20KB)