Resubmissions

09/06/2023, 06:50

230609-hmdr8sbh8t 1

09/06/2023, 06:37

230609-hdmnsabh51 1

Analysis

  • max time kernel
    28s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/06/2023, 06:37

General

  • Target

    encryptor.ps1

  • Size

    4KB

  • MD5

    abac658b781dd54b1952f30804335688

  • SHA1

    7cff0c1a5fcd046661ce4ffd6cb6578a13e9329d

  • SHA256

    a1857410dd0ac866250d279058984a332666a2fc21e568240169a3cc66398219

  • SHA512

    f1075e36988db82405b10f9a63fc7393c824388ee8838b62754d2c04ce2c2647b59c40747f7f7adcf08b845ae74eafe1e6092b20c6355b7b312238efd82e49d2

  • SSDEEP

    96:zoesaCzr458lwREMP4xFhYIaLQr3oYwvXnOmpv9W+8z2NV4w2Y7BbQa3:zoevkr458uRJuhYjLe3obt02NV4w2Xa3

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\encryptor.ps1
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1740

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1740-58-0x000000001B1B0000-0x000000001B492000-memory.dmp

    Filesize

    2.9MB

  • memory/1740-60-0x00000000024A0000-0x0000000002520000-memory.dmp

    Filesize

    512KB

  • memory/1740-59-0x0000000002460000-0x0000000002468000-memory.dmp

    Filesize

    32KB

  • memory/1740-62-0x00000000024A0000-0x0000000002520000-memory.dmp

    Filesize

    512KB

  • memory/1740-61-0x00000000024A0000-0x0000000002520000-memory.dmp

    Filesize

    512KB

  • memory/1740-63-0x00000000024A0000-0x0000000002520000-memory.dmp

    Filesize

    512KB