Analysis

  • max time kernel
    108s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/12/2022, 15:02

General

  • Target

    mount.iso.ps1

  • Size

    10KB

  • MD5

    430823cf82ce697ef304bb9dff20be51

  • SHA1

    322ff67558533b25f1c3356f080504f0a541f2c6

  • SHA256

    cdae7b08c8fdb23f42efa202fb46e59a96bea07a93d149a83c51b8b9e1558c4b

  • SHA512

    708c7bb782e716a63a04a2e4a9a07ea5a4119b247ff4f88be505766513a067aeb6d73497c1a18ce2596ef659baced134098ebd5e4d76e6d273976ead7651f314

  • SSDEEP

    192:oSE4rVNGLCO6ZkdnvkqMzOUPiVx1KXaEiEyFRFfWsX3XMIKxzSWaSj3cef9:oSEIVwkSEqHpnX2uIzrf9

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\mount.iso.ps1
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1496
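
The process entry above records only the launch command line: powershell.exe started with -ExecutionPolicy bypass on a .ps1 file in the user's Temp directory. As an added example (not part of this sandbox report), the following Python detector flags that launch pattern in process-creation logs. It goes slightly beyond the single case on the page: it also accepts the -ep / -ex short forms powershell.exe takes for -ExecutionPolicy, treats Unrestricted like Bypass, flags a hidden window (-w hidden), and catches a .ps1 path referenced from a -Command string rather than -File. The log lines are constructed for this example in a key=value layout; the field names follow Sysmon Event ID 1 naming, but the events are not taken from the report.

```python
import re
import shlex
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample events (not from the sandbox report). One event per line,
# fields separated by "|". Only the first event mirrors the report's command line.
SAMPLE_LOG = r"""
Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|CommandLine=powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\mount.iso.ps1|ProcessId=1496|ParentImage=C:\Windows\explorer.exe
Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|CommandLine=powershell.exe -NoProfile -File C:\ProgramData\Scripts\inventory.ps1|ProcessId=2210|ParentImage=C:\Windows\System32\svchost.exe
Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|CommandLine=powershell.exe -ep Bypass -w hidden -c "iex (gc $env:TEMP\run.ps1 -Raw)"|ProcessId=3302|ParentImage=C:\Windows\System32\cmd.exe
Image=C:\Windows\System32\notepad.exe|CommandLine=notepad.exe C:\Users\Admin\notes.txt|ProcessId=4010|ParentImage=C:\Windows\explorer.exe
""".strip()

# Short forms powershell.exe accepts for these parameters (besides unambiguous prefixes).
EXEC_POLICY_ALIASES = ("ex", "ep")
WINDOW_ALIASES = ("w",)
WEAK_POLICIES = {"bypass", "unrestricted"}
# Directory markers (lower-cased) that indicate a user- or world-writable temp location.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "$env:temp\\", "%temp%\\", "\\windows\\temp\\")
PS1_REF = re.compile(r"""[^\s"'()]+\.ps1""", re.IGNORECASE)


@dataclass
class Finding:
    pid: int
    reasons: List[str] = field(default_factory=list)


def parse_events(text: str) -> List[dict]:
    """Parse the constructed key=value|key=value layout into dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = {}
        for kv in line.split("|"):
            key, _, value = kv.partition("=")
            ev[key] = value
        events.append(ev)
    return events


def tokenize(cmdline: str) -> List[str]:
    """Split a Windows command line on whitespace, keeping quoted strings intact.
    posix=False so backslashes in paths are not treated as escapes."""
    try:
        return shlex.split(cmdline, posix=False)
    except ValueError:
        return cmdline.split()


def is_param(tok: str, fullname: str, aliases=(), min_len: int = 3) -> bool:
    """True if tok names the parameter: exact, a listed alias, or a prefix of
    at least min_len characters (powershell.exe accepts unambiguous prefixes)."""
    if not tok or tok[0] not in "-/":
        return False
    name = tok[1:].lower()
    if name in aliases:
        return True
    return len(name) >= min_len and fullname.startswith(name)


def analyze(ev: dict) -> Optional[Finding]:
    """Return a Finding for a suspicious PowerShell launch, else None."""
    image = ev.get("Image", "").lower()
    if not image.endswith(("\\powershell.exe", "\\pwsh.exe")):
        return None
    cmdline = ev.get("CommandLine", "")
    toks = tokenize(cmdline)
    reasons = []
    for i, tok in enumerate(toks):
        nxt = toks[i + 1].strip('"').lower() if i + 1 < len(toks) else ""
        if is_param(tok, "executionpolicy", EXEC_POLICY_ALIASES) and nxt in WEAK_POLICIES:
            reasons.append(f"execution policy set to {nxt}")
        if is_param(tok, "windowstyle", WINDOW_ALIASES) and nxt == "hidden":
            reasons.append("window style hidden")
    # Any .ps1 reference, whether given to -File or embedded in a -Command string.
    for script in PS1_REF.findall(cmdline):
        if any(marker in script.lower() for marker in TEMP_MARKERS):
            reasons.append(f"script run from a temp directory: {script}")
    if not reasons:
        return None
    return Finding(pid=int(ev.get("ProcessId", "0")), reasons=reasons)


def scan(text: str) -> List[Finding]:
    """Run the detector over every event in the log text."""
    return [f for f in (analyze(ev) for ev in parse_events(text)) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"PID {finding.pid}: " + "; ".join(finding.reasons))
```

Run as a script it reports PID 1496 (the report's command line: policy bypass plus a script under AppData\Local\Temp) and PID 3302 (short-form -ep, hidden window, script under $env:TEMP), and stays silent on the signed-looking inventory script and on notepad. Tune TEMP_MARKERS and WEAK_POLICIES to the environment; -ExecutionPolicy bypass alone is common in legitimate automation, so it is the combination with a temp-directory script, not the flag by itself, that should raise severity.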

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1496-132-0x00000140B3200000-0x00000140B3222000-memory.dmp

    Filesize

    136KB

  • memory/1496-133-0x00007FFA1AF50000-0x00007FFA1BA11000-memory.dmp

    Filesize

    10.8MB

  • memory/1496-134-0x00007FFA1AF50000-0x00007FFA1BA11000-memory.dmp

    Filesize

    10.8MB