04fac7596881d93af4bb84944292fa782bfb657d168cf715ca0dccb5838e7586

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
10-01-2023 12:53

Target

CleanupTask.ps1
Size

11KB
MD5

231bbb50f158766ab0c3a778e33f8c53
SHA1

db7f219e26dcd217bcf5b95d5574463946afd91d
SHA256

04fac7596881d93af4bb84944292fa782bfb657d168cf715ca0dccb5838e7586
SHA512

3ce831476686fbb53e9d08d8a3983c2a610d50e5d9895b160e2f44b87274a82e34628a4c50adaac8718c90994304ece4d14a7cf20ee5ea29062cd8b63b7edb57
SSDEEP

192:VxBxxlJeOKT+OKTwrXNHIG6YZyZYUhAJxpxLr9vx+bgwvLdmS1jBv+2jBVIz9bsS:V3xzcOK6OK0rXd76YZyZYUhyxpxLr9vx

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1112	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1112	powershell.exe

memory/1112-54-0x000007FEFB831000-0x000007FEFB833000-memory.dmp

Filesize
8KB

Download
memory/1112-55-0x000007FEF3440000-0x000007FEF3E63000-memory.dmp

Filesize
10.1MB

Download
memory/1112-56-0x000007FEF28E0000-0x000007FEF343D000-memory.dmp

Filesize
11.4MB

Download
memory/1112-57-0x0000000002424000-0x0000000002427000-memory.dmp

Filesize
12KB

Download
memory/1112-58-0x0000000002424000-0x0000000002427000-memory.dmp

Filesize
12KB

Download
memory/1112-59-0x000000000242B000-0x000000000244A000-memory.dmp

Filesize
124KB

Download