Overview

overview

10

Static

static

Attachment.iso

windows10-1703-x64

10

8969122ef3485d.ps1

windows10-1703-x64

8

8969122ef3485df.ps1

windows10-1703-x64

8

Attachment.lnk

windows10-1703-x64

8

document.pdf

windows10-1703-x64

1

Analysis

  • max time kernel
    298s
  • max time network
    304s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    05-12-2022 08:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8969122ef3485df.ps1

  • Size

    420KB

  • MD5

    06b8feae2c9d9f2940cb9dca40d553c3

  • SHA1

    b246ed8055ad9e7bb760795e054224d406ec8a20

  • SHA256

    93b0f19011468a4864c114bcbcfc55f460e2c789b14ea893c26ce450d3c21a9e

  • SHA512

    d0285b2a638ff76fe846f41118c7e6e2ac741ab071ec63432fc8406b181ebf187c0d77f45740eb26a193f348b15db478a7d6c96c6f92df6a7464b46c9a3f6818

  • SSDEEP

    12288:hhU0sdb34MkPGI4MpPBrCi1y05XlXNgLZRwUmm:tpki13jgLZRwUmm

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 19 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\8969122ef3485df.ps1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1804-127-0x0000019DB7F40000-0x0000019DB7F62000-memory.dmp
    Filesize

    136KB

    Download
  • memory/1804-130-0x0000019DB7FF0000-0x0000019DB8066000-memory.dmp
    Filesize

    472KB

    Download
  • memory/1804-137-0x0000019DB7FA0000-0x0000019DB7FE0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1804-138-0x0000019DB7FA0000-0x0000019DB7FE0000-memory.dmp
    Filesize

    256KB

    Download