Overview

overview

1

Static

static

b3d9ff3258...24.ps1

windows7-x64

1

b3d9ff3258...24.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    184s
  • max time network
    197s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/12/2022, 21:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b3d9ff3258c966474e51d650992930eece3f0d8d3f0e4021df1f1afdcab1fb24.ps1

  • Size

    10KB

  • MD5

    31ba0f5b653c93d95065ea31aff9f68e

  • SHA1

    0bb2a457242f9e767cd38b8e5ede9e39faf64d08

  • SHA256

    b3d9ff3258c966474e51d650992930eece3f0d8d3f0e4021df1f1afdcab1fb24

  • SHA512

    e0338fe7c10ed3cca093b62b4c5db1d4964af70ba036c6ef178dd1bbb0ce5efa3c92289efe9464459f702bed46dbc1fefef58ba4fd1ff4f80e15c31156118d0e

  • SSDEEP

    192:PNpJcdEteOkOxtapRhseJNF27RWuZBs6lKIu+:PNpAEte0xtaeeJNF27RWuZBs6kt+

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\b3d9ff3258c966474e51d650992930eece3f0d8d3f0e4021df1f1afdcab1fb24.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2220-132-0x000001952ADF0000-0x000001952AE12000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2220-133-0x00007FFAB9710000-0x00007FFABA1D1000-memory.dmp

    Filesize

    10.8MB

    Download