Analysis
- max time kernel: 68s
- max time network: 72s
- platform: windows10-1703_x64
- resource: win10-20220901-en
- resource tags: arch:x64, arch:x86, image:win10-20220901-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 25-01-2023 11:43
Static task: static1
Behavioral task: behavioral1
- Sample: payload3.ps1
- Resource: win10-20220901-en (windows10-1703-x64)
- 3 signatures
- 300 seconds
General
- Target: payload3.ps1
- Size: 13KB
- MD5: 2141a1bf1cb7afc947c7ac411971b9b3
- SHA1: ea088080b5f137a1158865d411a8bc7ad9a7223d
- SHA256: d2c499606f27c70d080f987e680c15ce08c716df4796c6014bdc7c251a9fa494
- SHA512: d2590493bc137a14446ad3f77bf22e70974ab55c19309f2ea875f0d170b40ec7a32a20f2a2e5344cfecb3dbb0f84d5eaaae94c29d87e7b9e25682cafc57662f0
- SSDEEP: 384:k+Jtvn7aPGuBxGDNwRNi0RWW7dHiQ6Q6b1T:ZHDNwRNL7sLtbx
- Score: 8/10
Malware Config
Signatures
- Blocklisted process makes network request (1 IoC)
  Processes: powershell.exe (flow 2, PID 564)
- Suspicious behavior: EnumeratesProcesses (5 IoCs)
  Processes: powershell.exe (PID 564, 5 entries)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes: powershell.exe (PID 564), Token: SeDebugPrivilege
Downloads
- memory/564-124-0x00000227A5340000-0x00000227A5362000-memory.dmp (filesize 136KB)
- memory/564-127-0x00000227A5470000-0x00000227A54E6000-memory.dmp (filesize 472KB)
- memory/564-157-0x00000227A5EA0000-0x00000227A6062000-memory.dmp (filesize 1.8MB)
- memory/564-159-0x00000227A6B80000-0x00000227A70A6000-memory.dmp (filesize 5.1MB)