Overview

overview

1

Static

static

23dac77582...b0.ps1

windows7-x64

1

23dac77582...b0.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    34s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 21:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    23dac775826bc12ceaf1a483e05440d0b3b90af7588a8e3376e4ac86ed9de7b0.ps1

  • Size

    61KB

  • MD5

    3c224328480a7a16ed0037af3c2232a8

  • SHA1

    1a4e6932523c34d95f050960e7c3d082adb28156

  • SHA256

    23dac775826bc12ceaf1a483e05440d0b3b90af7588a8e3376e4ac86ed9de7b0

  • SHA512

    828fb83be648f42af708e295e8f6b9978d848547e3f4a5c53e64eb7e00b48b9233095ddd29fa7edcf3ba4f7022128f703bb743d0056def4a9f2c279c4b7d146f

  • SSDEEP

    1536:Cp0RSc1hKrC7pdqLqv4ywOlnSrSBG2tcmcojtDoj8oTb4J9kA:CpkSc1hKcpdqLhywTuDRDoj8oTMYA

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\23dac775826bc12ceaf1a483e05440d0b3b90af7588a8e3376e4ac86ed9de7b0.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1076-54-0x000007FEFC431000-0x000007FEFC433000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1076-55-0x000007FEF3F10000-0x000007FEF4933000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/1076-57-0x00000000024C4000-0x00000000024C7000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1076-56-0x000007FEF33B0000-0x000007FEF3F0D000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/1076-58-0x000000001B710000-0x000000001BA0F000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1076-59-0x00000000024CB000-0x00000000024EA000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1076-60-0x00000000024C4000-0x00000000024C7000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1076-61-0x00000000024CB000-0x00000000024EA000-memory.dmp

    Filesize

    124KB

    Download