Overview

overview

1

Static

static

fc2c410820...b6.ps1

windows7-x64

1

fc2c410820...b6.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    59s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    07/12/2022, 01:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    fc2c410820b60ffc2066c24b563288cd7bc7a89eb1735f90411bca6ed9b0e0b6.ps1

  • Size

    113KB

  • MD5

    c20c376b02e7de80d21fdbde5c34aa4f

  • SHA1

    5da9e3149effb9c798ca8cd86a1ac4aea7718c4e

  • SHA256

    fc2c410820b60ffc2066c24b563288cd7bc7a89eb1735f90411bca6ed9b0e0b6

  • SHA512

    9d8d2c33b5d19317d2404f3201bc8074a28feacc243caf8d5b09bb3d0f17f43d492477aed646154ca8ea55fdcabd4b2b7d49ed855d0d07e7c1248730eac9f02f

  • SSDEEP

    1536:V55DM5hKn9N0plHalLf56fAG9DGCN+GEKXWKYJ0y9WGgz4FH:VmNnCQGgz4FH

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\fc2c410820b60ffc2066c24b563288cd7bc7a89eb1735f90411bca6ed9b0e0b6.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:316

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/316-54-0x000007FEFC191000-0x000007FEFC193000-memory.dmp

          Filesize

          8KB

          Download

        • memory/316-55-0x000007FEF4170000-0x000007FEF4B93000-memory.dmp

          Filesize

          10.1MB

          Download

        • memory/316-57-0x0000000002564000-0x0000000002567000-memory.dmp

          Filesize

          12KB

          Download

        • memory/316-56-0x000007FEF3610000-0x000007FEF416D000-memory.dmp

          Filesize

          11.4MB

          Download

        • memory/316-58-0x000000001B770000-0x000000001BA6F000-memory.dmp

          Filesize

          3.0MB

          Download

        • memory/316-59-0x000000000256B000-0x000000000258A000-memory.dmp

          Filesize

          124KB

          Download

        • memory/316-60-0x0000000002564000-0x0000000002567000-memory.dmp

          Filesize

          12KB

          Download

        • memory/316-61-0x000000000256B000-0x000000000258A000-memory.dmp

          Filesize

          124KB

          Download