Analysis

  • max time kernel
    68s
  • max time network
    72s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10-20220901-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    25-01-2023 11:43

General

  • Target
    payload3.ps1
  • Size
    13KB
  • MD5
    2141a1bf1cb7afc947c7ac411971b9b3
  • SHA1
    ea088080b5f137a1158865d411a8bc7ad9a7223d
  • SHA256
    d2c499606f27c70d080f987e680c15ce08c716df4796c6014bdc7c251a9fa494
  • SHA512
    d2590493bc137a14446ad3f77bf22e70974ab55c19309f2ea875f0d170b40ec7a32a20f2a2e5344cfecb3dbb0f84d5eaaae94c29d87e7b9e25682cafc57662f0
  • SSDEEP
    384:k+Jtvn7aPGuBxGDNwRNi0RWW7dHiQ6Q6b1T:ZHDNwRNL7sLtbx

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\payload3.ps1
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:564

Network

MITRE ATT&CK Matrix

Downloads

  • memory/564-124-0x00000227A5340000-0x00000227A5362000-memory.dmp
    Filesize: 136KB
  • memory/564-127-0x00000227A5470000-0x00000227A54E6000-memory.dmp
    Filesize: 472KB
  • memory/564-157-0x00000227A5EA0000-0x00000227A6062000-memory.dmp
    Filesize: 1.8MB
  • memory/564-159-0x00000227A6B80000-0x00000227A70A6000-memory.dmp
    Filesize: 5.1MB