Analysis

  • max time kernel
    20s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-03-2023 15:44

General

  • Target

    PassMark PerformanceTest 10.2.1008 Portable/App/PerformanceTest/Media/SpaceBattle/SF_CargoShip-G5-Diffuse.ps1

  • Size

    682KB

  • MD5

    7619f2d7ffa8b0bef89c7aff752f852f

  • SHA1

    076935f6b86f70e479f7645a634492a1454ed2c9

  • SHA256

    38a069a7d10b39c4a3a925f3cb7f2ad4363f5376dd1a34a949b168137c4390cd

  • SHA512

    eb8790493f653f9a0a74b72ea584d8ce7db8860d7a7a0d51d4a034b92e11e55f57da92f537fcf5e391ba97f182a61cef4758f067dd8d72fb6dbea49d2a6e24b3

  • SSDEEP

    12288:8vaSp0KK0EP01OzZ4IEGu41OsE35rD2iryFgO0XFYE9avVSwuti8DoPvnz:maSp4W5/2ir99FavVwiKA7

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\PassMark PerformanceTest 10.2.1008 Portable\App\PerformanceTest\Media\SpaceBattle\SF_CargoShip-G5-Diffuse.ps1"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2040

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2040-58-0x000000001B180000-0x000000001B462000-memory.dmp
    Filesize

    2.9MB

  • memory/2040-59-0x0000000002090000-0x0000000002098000-memory.dmp
    Filesize

    32KB

  • memory/2040-60-0x0000000002874000-0x0000000002877000-memory.dmp
    Filesize

    12KB

  • memory/2040-61-0x000000000287B000-0x00000000028B2000-memory.dmp
    Filesize

    220KB