Overview

overview

8

Static

static

7

Oneshot/Da...78.ps1

windows10-1703-x64

3

Oneshot/LAUNCHER.exe

windows10-1703-x64

6

Oneshot/OpenAL32.dll

windows10-1703-x64

1

Oneshot/SDL2.dll

windows10-1703-x64

1

Oneshot/SD...ge.dll

windows10-1703-x64

1

Oneshot/SDL2_ttf.dll

windows10-1703-x64

1

Oneshot/Sm...mu.dll

windows10-1703-x64

1

Oneshot/Sm...64.dll

windows10-1703-x64

1

Oneshot/_R...up.exe

windows10-1703-x64

7

Oneshot/_R...up.exe

windows10-1703-x64

7

Oneshot/_R...st.exe

windows10-1703-x64

6

Oneshot/_R...86.exe

windows10-1703-x64

7

Oneshot/_R...st.msi

windows10-1703-x64

8

Oneshot/_______.exe

windows10-1703-x64

7

Oneshot/li...mt.dll

windows10-1703-x64

3

Oneshot/libbz2.dll

windows10-1703-x64

3

Oneshot/li...-6.dll

windows10-1703-x64

3

Oneshot/li...-1.dll

windows10-1703-x64

3

Oneshot/li...-0.dll

windows10-1703-x64

3

Oneshot/libgmp-10.dll

windows10-1703-x64

3

Oneshot/li...-0.dll

windows10-1703-x64

1

Oneshot/li...-2.dll

windows10-1703-x64

3

Oneshot/libintl-8.dll

windows10-1703-x64

3

Oneshot/libjpeg-9.dll

windows10-1703-x64

3

Oneshot/liblzma-5.dll

windows10-1703-x64

3

Oneshot/libogg-0.dll

windows10-1703-x64

3

Oneshot/libpcre-1.dll

windows10-1703-x64

3

Oneshot/libphysfs.dll

windows10-1703-x64

3

Oneshot/li...-0.dll

windows10-1703-x64

1

Oneshot/li...16.dll

windows10-1703-x64

1

Oneshot/li...-0.dll

windows10-1703-x64

3

Oneshot/li...-6.dll

windows10-1703-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    179s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-es
  • resource tags

    arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    02-04-2023 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Oneshot/Data/Map078.ps1

  • Size

    15KB

  • MD5

    0858e5f0e2d7ace0d9e5837cb73fc3d5

  • SHA1

    c7b686082ddc052f421590655f09e7e2cce40e1d

  • SHA256

    280cef324d1807caad4afd7e441930c377d3bdb95165782f7eca03f989cae631

  • SHA512

    eb810d2af3a47a8153a5fe4dcf64fdf01ad8788ae0fdb1cf49b2b951933c21fa8ad0e4419f2704b29a73098669fc075dc61f4065bdcab2aa53005c83e63b14aa

  • SSDEEP

    384:chezWfvjFDCLdqVsc6eqgBzUfa/TGqTbWacCTFU:cL/y

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Oneshot\Data\Map078.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2824
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2824 -s 2064
      2⤵
      • Program crash
      PID:3848
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1648

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0gc05w20.v1l.ps1
      Filesize

      1B

      MD5

      c4ca4238a0b923820dcc509a6f75849b

      SHA1

      356a192b7913b04c54574d18c28d46e6395428ab

      SHA256

      6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

      SHA512

      4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

      Download Submit
    • memory/2824-122-0x0000026E5A7D0000-0x0000026E5A7E0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2824-123-0x0000026E5A7D0000-0x0000026E5A7E0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2824-124-0x0000026E74B90000-0x0000026E74C12000-memory.dmp
      Filesize

      520KB

      Download
    • memory/2824-125-0x0000026E74B10000-0x0000026E74B20000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2824-126-0x0000026E74B50000-0x0000026E74B72000-memory.dmp
      Filesize

      136KB

      Download
    • memory/2824-127-0x0000026E74D30000-0x0000026E74E32000-memory.dmp
      Filesize

      1.0MB

      Download
    • memory/2824-132-0x0000026E5A7D0000-0x0000026E5A7E0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2824-133-0x0000026E5A7D0000-0x0000026E5A7E0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2824-134-0x0000026E750C0000-0x0000026E75136000-memory.dmp
      Filesize

      472KB

      Download
    • memory/2824-157-0x0000026E5A7D0000-0x0000026E5A7E0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2824-158-0x0000026E5A7D0000-0x0000026E5A7E0000-memory.dmp
      Filesize

      64KB

      Download