Analysis
-
max time kernel
1600s -
max time network
1602s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system -
submitted
30/05/2023, 17:14
Static task
static1
Behavioral task
behavioral1
Sample
rt.php.ps1
Resource
win10-20230220-en
10 signatures
1800 seconds
Behavioral task
behavioral2
Sample
rt.php.ps1
Resource
win7-20230220-en
2 signatures
1800 seconds
Behavioral task
behavioral3
Sample
rt.php.ps1
Resource
win10v2004-20230220-en
9 signatures
1800 seconds
General
-
Target
rt.php.ps1
-
Size
2.8MB
-
MD5
03c9a474f0b9196157fec9c94fdca125
-
SHA1
07ae811458835b8f163dbefdbaf29c1c2a190481
-
SHA256
8347464802fc276d09848d28162f8802566f8795a07521c535c693fdfdaa4c3d
-
SHA512
5227fa992f634c5263c3d32ca0a03c08e0532ebc8d81ddf11376ed5d19c0aa8a1ca9818ea94a60f2e94edfee7d3db0d54151ce11e9095333514b36264dda2664
-
SSDEEP
49152:0iwXDQWRnrRmKulfXDJZZH1ebFgUbqYgXE5BQkGrD:5
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process
1676 powershell.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process
Token: SeDebugPrivilege 1676 powershell.exe