Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    19-03-2023 01:31

General

  • Target

    U21tUt3c.ps1

  • Size

    16KB

  • MD5

    e2c56affcecefc5a0ea6eaa3e27a166c

  • SHA1

    27f675142080f81dada9ac07de92d67ae2fb7f44

  • SHA256

    89f447dc083895db8e1fdab06775de3a26aa5dfb87bee7000486cb5b4c6957c1

  • SHA512

    d67d3017dd261baaa760815498d026d242c254a4c5737fa79e3d248200d8f21b87b0a84425a6160a3bdaee301a1c59017461facec7aa186bddf9ada1b3b16d50

  • SSDEEP

    192:YUF+PK360pCS9N5T3U5TNY5mH5T3bWl5TNY2BKTBswDY5gxI5jIpWuS8z+FdNqGH:Y8+S7pCgmgXBKT1vWuS

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\U21tUt3c.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1204-58-0x000000001B340000-0x000000001B622000-memory.dmp
    Filesize

    2.9MB

  • memory/1204-59-0x0000000001F40000-0x0000000001F48000-memory.dmp
    Filesize

    32KB

  • memory/1204-60-0x0000000002AE4000-0x0000000002AE7000-memory.dmp
    Filesize

    12KB

  • memory/1204-61-0x0000000002AEB000-0x0000000002B22000-memory.dmp
    Filesize

    220KB