89f447dc083895db8e1fdab06775de3a26aa5dfb87bee7000486cb5b4c6957c1

Analysis

max time kernel
143s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2023 01:31

Target

U21tUt3c.ps1
Size

16KB
MD5

e2c56affcecefc5a0ea6eaa3e27a166c
SHA1

27f675142080f81dada9ac07de92d67ae2fb7f44
SHA256

89f447dc083895db8e1fdab06775de3a26aa5dfb87bee7000486cb5b4c6957c1
SHA512

d67d3017dd261baaa760815498d026d242c254a4c5737fa79e3d248200d8f21b87b0a84425a6160a3bdaee301a1c59017461facec7aa186bddf9ada1b3b16d50
SSDEEP

192:YUF+PK360pCS9N5T3U5TNY5mH5T3bWl5TNY2BKTBswDY5gxI5jIpWuS8z+FdNqGH:Y8+S7pCgmgXBKT1vWuS

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

powershell.exe

pid process

432 powershell.exe
432 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 432 powershell.exe

pid	process
432	powershell.exe
432	powershell.exe

description	pid	process
Token: SeDebugPrivilege	432	powershell.exe

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vibjbmx2.pcz.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/432-133-0x000002DEF0360000-0x000002DEF0382000-memory.dmp

Filesize
136KB

Download
memory/432-140-0x000002DEF03A0000-0x000002DEF03B0000-memory.dmp

Filesize
64KB

Download
memory/432-139-0x000002DEF03A0000-0x000002DEF03B0000-memory.dmp

Filesize
64KB

Download
memory/432-147-0x000002DEF1030000-0x000002DEF124C000-memory.dmp

Filesize
2.1MB

Download