Overview

overview

1

Static

static

1

target.ps1

windows7-x64

1

target.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    15-04-2023 19:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    target.ps1

  • Size

    2KB

  • MD5

    d5ce3f4565738f31564d371028405db5

  • SHA1

    c53c811e3be0be5706db2864c59cdbcabd833af3

  • SHA256

    4fe40883ca43c494ea64b4a08b42aa2758a2d09e239a9d256f33e53a00d16b0d

  • SHA512

    5f6ad159ba9e8bb5d05cb38cf0a2e72d52adddcee7b7175568d93bbad4bffd27a8d20fbe7d5b3b0ac8c4b56266f78048ecb3fce1cddef8f5100acce3a29f641d

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\target.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1732-58-0x000000001B270000-0x000000001B552000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1732-59-0x0000000002290000-0x0000000002298000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1732-61-0x00000000023E0000-0x0000000002460000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1732-62-0x00000000023EB000-0x0000000002422000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1732-60-0x00000000023E4000-0x00000000023E7000-memory.dmp

    Filesize

    12KB

    Download