Overview

overview

3

Static

static

1

peloader.ps1

windows7-x64

1

peloader.ps1

windows10-2004-x64

3

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    18/04/2023, 15:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    peloader.ps1

  • Size

    3KB

  • MD5

    66f3811910af3760e2ad0751826161ba

  • SHA1

    faac306e04b0b6ebe1fd30c3270f3e64f5f8e12c

  • SHA256

    d25075fd69a9652269c4fed38ce93a58bcac803f6fff76ffe8b765eb10a94c83

  • SHA512

    7118415679fe111536ac4385c3490bd24fa6b3088063a26e39c17592a578f630f9281af436678f439df6f2c415fadd1c64ec0650999f65e76b40336824bc51f5

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\peloader.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:920
    • C:\Windows\system32\wermgr.exe
      "C:\Windows\system32\wermgr.exe" "-outproc" "920" "1148"
      2⤵
        PID:268

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\OutofProcReport7081420.txt
      Filesize

      1KB

      MD5

      2671012601eb4d5f891870f01555ae96

      SHA1

      50c47d9c7fab00ad30c5e8fc34f85029ba9f423b

      SHA256

      7a8446dace4f2d7b62419ebb443d0342f716e8405f1c652cd982bb122ce20cee

      SHA512

      a031c20c1dec3e3222979a20e450663e7eef92a7bb20e1fbbf141c2fc29632fc84d81459b98af45e63b27b27c7898c03db7072ef5a3ac5724be77ffe5ee16e39

      Download Submit

    • memory/920-58-0x000000001B2B0000-0x000000001B592000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/920-59-0x0000000001ED0000-0x0000000001ED8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/920-63-0x000000000298B000-0x00000000029C2000-memory.dmp

      Filesize

      220KB

      Download

    • memory/920-62-0x0000000002984000-0x0000000002987000-memory.dmp

      Filesize

      12KB

      Download