Overview

overview

6

Static

static

3

execute_po...in.exe

windows7-x64

6

execute_po...in.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    08/06/2023, 23:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    execute_powershell_bin.exe

  • Size

    102KB

  • MD5

    2dac360cf4aa2454e31eaa74cac8fe85

  • SHA1

    f64bcf263758ba16b5501d638d6321b935ca4127

  • SHA256

    80b955ad10a37932271e71f3e290fdc5e51105b890195c011c1d862b843c375e

  • SHA512

    7a6ad0d7074fa561f918e91f48989d4171c2e1e3dabca834dbf6f0172cf3cab109eeb1bbbf4433f4884ad70a284e3ae81db3f8a0500e5830e2f21022f7b3e466

  • SSDEEP

    1536:3q5U1qJZAwU1FO8U70vu9TN/8I6nJb7UwcUMIrbPIaSY6A17cZc:a5DW1k70vINms0PrzIaSC1

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\execute_powershell_bin.exe
    "C:\Users\Admin\AppData\Local\Temp\execute_powershell_bin.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1416

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1416-54-0x000000001BB40000-0x000000001BE22000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/1416-55-0x00000000020C0000-0x00000000020DC000-memory.dmp

          Filesize

          112KB

          Download

        • memory/1416-56-0x000000001BE30000-0x000000001BE78000-memory.dmp

          Filesize

          288KB

          Download

        • memory/1416-57-0x00000000020E0000-0x00000000020E8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/1416-58-0x000000001B1E0000-0x000000001B260000-memory.dmp

          Filesize

          512KB

          Download

        • memory/1416-59-0x000000001B1E0000-0x000000001B260000-memory.dmp

          Filesize

          512KB

          Download

        • memory/1416-60-0x000000001BE80000-0x000000001BF26000-memory.dmp

          Filesize

          664KB

          Download

        • memory/1416-61-0x000000001BF30000-0x000000001BF64000-memory.dmp

          Filesize

          208KB

          Download

        • memory/1416-62-0x000000001BF70000-0x000000001BFBA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/1416-63-0x0000000002280000-0x0000000002296000-memory.dmp

          Filesize

          88KB

          Download

        • memory/1416-64-0x000000001B1E0000-0x000000001B260000-memory.dmp

          Filesize

          512KB

          Download

        • memory/1416-65-0x000000001B1E0000-0x000000001B260000-memory.dmp

          Filesize

          512KB

          Download

        • memory/1416-66-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download