475b007a8368873fab4b02a9ac6443d82a461b1a71d8f3cce60d11dc812cd92c

Analysis

max time kernel
188s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 20:07

Target

file01.ps1
Size

9KB
MD5

7011b4af087cd89be198135531722ee5
SHA1

030cf2c047e8e43062b38366a4d300b5fb4549e1
SHA256

475b007a8368873fab4b02a9ac6443d82a461b1a71d8f3cce60d11dc812cd92c
SHA512

7735982403274c9ee6d1ac6e7f99d9a9c0e67365d8f7e3c91fcb6dbc840ac802d475d3496b31204c81fdc1e2d366ec7afb058f2ed29fe6b06f79504f5bb4e750
SSDEEP

192:3zfoM4e3ADVTKecs14zg6danj8gURTuTDGNdr/gtDNvQ+e3zTOnRDwHzLkLsLtLp:3UM47/N14zHdanj8gURTuTDGNdr/0DNW

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2792	powershell.exe
2792	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2792	powershell.exe

memory/2792-132-0x000002143A960000-0x000002143A982000-memory.dmp

Filesize
136KB

Download
memory/2792-133-0x00007FFC91C10000-0x00007FFC926D1000-memory.dmp

Filesize
10.8MB

Download
memory/2792-134-0x00007FFC91C10000-0x00007FFC926D1000-memory.dmp

Filesize
10.8MB

Download