Overview

overview

10

Static

static

WP.vbs

windows7-x64

10

WP.vbs

windows10-2004-x64

10

metaphysic...ed.ps1

windows7-x64

1

metaphysic...ed.ps1

windows10-2004-x64

1

metaphysic/goodly.vbs

windows7-x64

3

metaphysic/goodly.vbs

windows10-2004-x64

7

Resubmissions

09-12-2022 21:27

221209-1aq6xaed45 10

07-12-2022 11:05

221207-m678eaah33 10

Analysis

  • max time kernel
    44s
  • max time network
    89s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    07-12-2022 11:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    metaphysic/clumped.ps1

  • Size

    370B

  • MD5

    5c6752386f0d0998e473c07477426a5e

  • SHA1

    f12c4cd2257af6b248571bf390784ada9cca3e4b

  • SHA256

    9b626bf28a18833d5a1d9a67a8e884111838574d7e69d2688de3a11fcd514079

  • SHA512

    d372a20e56dbe572b2893a4c480f7ef2218c2462b4b9bcda8d157eaa76464b4deebe2c1b46d1026fc8e2587b947074246752b4e383143ad7d125284d92b4bc25

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\metaphysic\clumped.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\users\public\spikingUnintelligible.txt DrawThemeIcon
      2⤵
        PID:1100

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1100-58-0x0000000000000000-mapping.dmp
      Download
    • memory/1724-54-0x000007FEFB771000-0x000007FEFB773000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1724-55-0x000007FEF3D90000-0x000007FEF47B3000-memory.dmp
      Filesize

      10.1MB

      Download
    • memory/1724-56-0x000007FEF3230000-0x000007FEF3D8D000-memory.dmp
      Filesize

      11.4MB

      Download
    • memory/1724-57-0x0000000002514000-0x0000000002517000-memory.dmp
      Filesize

      12KB

      Download
    • memory/1724-60-0x000000000251B000-0x000000000253A000-memory.dmp
      Filesize

      124KB

      Download
    • memory/1724-59-0x0000000002514000-0x0000000002517000-memory.dmp
      Filesize

      12KB

      Download