ad2c42b0aec1c8a7d2585fb97962d450b15bac5bea90d1e0475149e02d62ae4b

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/01/2023, 19:11

Target

EventLogFailed.ps1
Size

1KB
MD5

2ccefc8c6370e79cff0c6fc35fe69448
SHA1

e00f984cb3e56ebc02539b7f8bc28b5f3e57bc0b
SHA256

ad2c42b0aec1c8a7d2585fb97962d450b15bac5bea90d1e0475149e02d62ae4b
SHA512

842c1050b909b427520e14b6a3536d2db84354fcd483e2e06ccf5a88e3098fde0d0b9e56b4f84a93ea5082bb5efabdcb85abe61e8fa8baf7d1ce3e3440be8076

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1940	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1940	powershell.exe

memory/1940-54-0x000007FEFB731000-0x000007FEFB733000-memory.dmp

Filesize
8KB

Download
memory/1940-55-0x000007FEF3AA0000-0x000007FEF44C3000-memory.dmp

Filesize
10.1MB

Download
memory/1940-56-0x000007FEF2F40000-0x000007FEF3A9D000-memory.dmp

Filesize
11.4MB

Download
memory/1940-57-0x0000000002604000-0x0000000002607000-memory.dmp

Filesize
12KB

Download
memory/1940-58-0x000000001B7B0000-0x000000001BAAF000-memory.dmp

Filesize
3.0MB

Download
memory/1940-59-0x0000000002604000-0x0000000002607000-memory.dmp

Filesize
12KB

Download
memory/1940-60-0x000000000260B000-0x000000000262A000-memory.dmp

Filesize
124KB

Download