eeda820f8ee27fc483d338b59a5122e369c1749f0be8c1b1cd2276588471a175

Resubmissions

09-12-2022 21:26

01-12-2022 07:02

max time kernel
428s
max time network
433s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
09-12-2022 21:26

Target

teased/brainwaves.ps1
Size

366B
MD5

d999bce28a38621792df566ed981778a
SHA1

44e4c83d6a67fe60e4458f6e52a9bed7f1ef221a
SHA256

2401544d6ef74e83d65dae84694e0ac53e48301821507b1327e9a143bb4d1134
SHA512

0994f76e5d6db3a8ed1a03e865d6552da260e5ccbde6d4e685c42ff4222adeb80742adb6856e7b90294a34a991d2e48adf04dd27f6626b598e56dd25d5771ab7

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

powershell.exe

pid process

1512 powershell.exe
1512 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 1512 powershell.exe

pid	process
1512	powershell.exe
1512	powershell.exe

description	pid	process
Token: SeDebugPrivilege	1512	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

powershell.exe

description	pid	process	target process
PID 1512 wrote to memory of 1716	1512	powershell.exe	rundll32.exe
PID 1512 wrote to memory of 1716	1512	powershell.exe	rundll32.exe
PID 1512 wrote to memory of 1716	1512	powershell.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\users\public\extroversionRadiantly.txt DrawThemeIcon
2⤵
PID:1716

memory/1512-54-0x000007FEFC181000-0x000007FEFC183000-memory.dmp

Filesize
8KB

Download
memory/1512-55-0x000007FEF4410000-0x000007FEF4E33000-memory.dmp

Filesize
10.1MB

Download
memory/1512-56-0x000007FEF38B0000-0x000007FEF440D000-memory.dmp

Filesize
11.4MB

Download
memory/1512-57-0x00000000028F4000-0x00000000028F7000-memory.dmp

Filesize
12KB

Download
memory/1512-58-0x000000001B760000-0x000000001BA5F000-memory.dmp

Filesize
3.0MB

Download
memory/1512-61-0x00000000028FB000-0x000000000291A000-memory.dmp

Filesize
124KB

Download
memory/1512-60-0x00000000028F4000-0x00000000028F7000-memory.dmp

Filesize
12KB

Download
memory/1716-59-0x0000000000000000-mapping.dmp

Download