Overview

overview

10

Static

static

10

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

data/plugi...Ve.dll

windows7-x64

1

data/plugi...Ve.dll

windows10-2004-x64

1

data/plugi...ff.bat

windows7-x64

1

data/plugi...ff.bat

windows10-2004-x64

1

data/plugi...on.bat

windows7-x64

1

data/plugi...on.bat

windows10-2004-x64

1

data/plugi...ff.bat

windows7-x64

1

data/plugi...ff.bat

windows10-2004-x64

1

data/plugi...on.bat

windows7-x64

1

data/plugi...on.bat

windows10-2004-x64

1

data/scrip...de.ps1

windows7-x64

1

data/scrip...de.ps1

windows10-2004-x64

1

data/scrip...ps.ps1

windows7-x64

1

data/scrip...ps.ps1

windows10-2004-x64

1

data/scrip...ps.ps1

windows7-x64

1

data/scrip...ps.ps1

windows10-2004-x64

1

data/scrip...ve.ps1

windows7-x64

1

data/scrip...ve.ps1

windows10-2004-x64

10

data/scrip...d).ps1

windows7-x64

1

data/scrip...d).ps1

windows10-2004-x64

8

data/scrip...d).ps1

windows7-x64

1

data/scrip...d).ps1

windows10-2004-x64

1

data/scrip...ps.ps1

windows7-x64

1

data/scrip...ps.ps1

windows10-2004-x64

1

data/scrip...es.ps1

windows7-x64

8

data/scrip...es.ps1

windows10-2004-x64

8

data/scrip...ct.ps1

windows7-x64

1

data/scrip...ct.ps1

windows10-2004-x64

8

data/scrip...de.ps1

windows7-x64

1

data/scrip...de.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/01/2023, 17:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    data/scripts/Apps/Remove default apps (Recommended).ps1

  • Size

    445B

  • MD5

    7506ab2bca5cbcd8c3d5759255bdd75f

  • SHA1

    2b8c11e855cee15b0672d9ac523873ff2b359e2e

  • SHA256

    eec1c0c727438bbf0c9cc3fc89b4261bc20fef37d918fd8f2140502a090dede4

  • SHA512

    f48586f65d221e3ea9b4985aa12f7587d91c94b2f81b779abe6151572c278e0b6f007070b3c52a278869f4749be43b29df8919a3e040e791b682874ccf7a29f6

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\data\scripts\Apps\Remove default apps (Recommended).ps1"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1780-132-0x000001C1FED00000-0x000001C1FED22000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1780-133-0x00007FFF78560000-0x00007FFF79021000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1780-134-0x00007FFF78560000-0x00007FFF79021000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1780-135-0x000001C1FEC50000-0x000001C1FEC66000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1780-136-0x000001C1FEC70000-0x000001C1FEC7A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1780-137-0x000001C1FF200000-0x000001C1FF226000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1780-138-0x000001C1FF2D0000-0x000001C1FF302000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1780-139-0x000001C1FED30000-0x000001C1FED38000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1780-140-0x000001C1FF400000-0x000001C1FF438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/1780-141-0x000001C1FED40000-0x000001C1FED4E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1780-142-0x000001C1FF1D0000-0x000001C1FF1D8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1780-143-0x000001C1FF329000-0x000001C1FF32F000-memory.dmp

    Filesize

    24KB

    Download