Overview

overview

1

Static

static

6ce99e07aa...7b.ps1

windows7-x64

1

6ce99e07aa...7b.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    30s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    05-12-2022 07:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6ce99e07aa98ba6dc521c34cf16fbd89654d0ba59194878dffca857a4c34e57b.ps1

  • Size

    147KB

  • MD5

    9acba5eb2152ed9e84ac1bce3ba413e8

  • SHA1

    63a735d8e3f7bae05cc6eb33bc16b04154877dc1

  • SHA256

    6ce99e07aa98ba6dc521c34cf16fbd89654d0ba59194878dffca857a4c34e57b

  • SHA512

    1c61ecfde31612af3bb677bd194c7d9c070fdf415b3f13aebabb4d643ad9d98920a6edf97a8c8b25c6a510c3d99c65ff0ed82466cd42238a4680059918eccb41

  • SSDEEP

    3072:GMDynWNVuG7DituutQxCGsBeHjzXoCsN5o3rgsQHp9:GMDlN8G7DituutQxCGsB0jzXoCsN3sQD

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\6ce99e07aa98ba6dc521c34cf16fbd89654d0ba59194878dffca857a4c34e57b.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1684-54-0x000007FEFBE91000-0x000007FEFBE93000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1684-55-0x000007FEF3A20000-0x000007FEF4443000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/1684-56-0x000007FEF2EC0000-0x000007FEF3A1D000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/1684-57-0x000000001B870000-0x000000001BB6F000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1684-58-0x00000000029C4000-0x00000000029C7000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1684-60-0x00000000029C4000-0x00000000029C7000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1684-59-0x00000000029CB000-0x00000000029EA000-memory.dmp

    Filesize

    124KB

    Download