8d76fd3a85e5ed34c65b358c92f2f7fb7454c3417131ef156e6f33d01463d4ee

Resubmissions

22-03-2023 16:49

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
22-03-2023 16:49

Target

invoice.txt.ps1
Size

2.8MB
MD5

a916869f41b3aada64fa6ef5adf38bf3
SHA1

cf899f8bd138c77f7db36ed334d6db4e88e4f5ac
SHA256

8d76fd3a85e5ed34c65b358c92f2f7fb7454c3417131ef156e6f33d01463d4ee
SHA512

a303dbcb42732a4f7818c7abcdabc0ce68a291306073f44178d1c5da7b3825a6ce7aa2094ebc8989ef00fe394da85da21038e8472fbe6bf9e212d6237ca39724
SSDEEP

49152:lO+AAoPeH7UjX4Rsqmoe6UDsfSl97xH69WbZtar:T

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

powershell.exe

pid process

1476 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 1476 powershell.exe

pid	process
1476	powershell.exe

description	pid	process
Token: SeDebugPrivilege	1476	powershell.exe

memory/1476-58-0x000000001B290000-0x000000001B572000-memory.dmp

Filesize
2.9MB

Download
memory/1476-59-0x0000000001FA0000-0x0000000001FA8000-memory.dmp

Filesize
32KB

Download
memory/1476-60-0x0000000002A40000-0x0000000002AC0000-memory.dmp

Filesize
512KB

Download
memory/1476-61-0x0000000002A40000-0x0000000002AC0000-memory.dmp

Filesize
512KB

Download
memory/1476-62-0x0000000002A40000-0x0000000002AC0000-memory.dmp

Filesize
512KB

Download
memory/1476-63-0x0000000002A40000-0x0000000002AC0000-memory.dmp

Filesize
512KB

Download
memory/1476-64-0x0000000002A40000-0x0000000002AC0000-memory.dmp

Filesize
512KB

Download
memory/1476-65-0x0000000002A40000-0x0000000002AC0000-memory.dmp

Filesize
512KB

Download
memory/1476-66-0x0000000002A40000-0x0000000002AC0000-memory.dmp

Filesize
512KB

Download
memory/1476-67-0x0000000002A40000-0x0000000002AC0000-memory.dmp

Filesize
512KB

Download