Overview

overview

10

Static

static

WP.vbs

windows7-x64

10

WP.vbs

windows10-2004-x64

10

metaphysic...on.vbs

windows7-x64

3

metaphysic...on.vbs

windows10-2004-x64

7

metaphysic/flag.ps1

windows7-x64

1

metaphysic/flag.ps1

windows10-2004-x64

1

Resubmissions

09-12-2022 21:29

221209-1cd95ahc3z 10

01-12-2022 14:21

221201-rpb6vsfg89 10

Analysis

  • max time kernel
    416s
  • max time network
    421s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    09-12-2022 21:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    metaphysic/flag.ps1

  • Size

    362B

  • MD5

    d755b1b1ae9c898fb5f990dfc6f6aca2

  • SHA1

    ab5f6d18ba717c432e667f2e5d9dd22daef91e58

  • SHA256

    be0a553c1e70ee99768d88d732f83fd1f15e12c974bdc0ccabe5ede71cbd162d

  • SHA512

    d0b2e42a75a30e612bb7a6f08d09fb4c80f5c6f298553b2f04b5729c00fc4af4ac1b8ce3738b9741eed62acf032552e75106a88118e31add9a6689403ae162f7

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\metaphysic\flag.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\users\public\madamSmuggler.txt DrawThemeIcon
      2⤵
        PID:1488

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1488-59-0x0000000000000000-mapping.dmp
      Download
    • memory/1976-54-0x000007FEFB531000-0x000007FEFB533000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1976-55-0x000007FEF3140000-0x000007FEF3B63000-memory.dmp
      Filesize

      10.1MB

      Download
    • memory/1976-57-0x0000000002924000-0x0000000002927000-memory.dmp
      Filesize

      12KB

      Download
    • memory/1976-56-0x000007FEF25E0000-0x000007FEF313D000-memory.dmp
      Filesize

      11.4MB

      Download
    • memory/1976-58-0x000000000292B000-0x000000000294A000-memory.dmp
      Filesize

      124KB

      Download
    • memory/1976-60-0x0000000002924000-0x0000000002927000-memory.dmp
      Filesize

      12KB

      Download
    • memory/1976-61-0x000000000292B000-0x000000000294A000-memory.dmp
      Filesize

      124KB

      Download