Analysis
-
max time kernel
31s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
31/05/2023, 13:40
Static task
static1
Behavioral task
behavioral1
Sample
snappyshop.ps1
Resource
win7-20230220-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
snappyshop.ps1
Resource
win10v2004-20230221-en
8 signatures
150 seconds
General
-
Target
snappyshop.ps1
-
Size
2KB
-
MD5
2d2527e1c3a9ba0817fa4810babddf21
-
SHA1
fb1f63232062623a66c8c1aae82c97cd715af2b4
-
SHA256
05839e62e09d4d68c3a789931cc6f68c68bbe7df11d15e36cce96cd0b3e6c1fd
-
SHA512
fcb1346ae932c134b033e2e0df09aeeb98c488eac7bc85013599b40b9e301677c366783ff3975891309745b9a3262103868db8c1e42ea6d77bc350756d909b3f
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Windows\CurrentVersion\Run\ClockUTCSync_3976 = "C:\\Users\\Admin\\AppData\\Roaming\\ClockUTCSync_3976\\client32.exe" powershell.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 1204 powershell.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1204 powershell.exe