Overview

overview

5

Static

static

1

1.ps1

windows7-x64

1

1.ps1

windows10-2004-x64

5

Analysis

  • max time kernel
    27s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
  • submitted
    29-06-2023 17:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1.ps1

  • Size

    17KB

  • MD5

    060735ee1124577637cdec928a28f5b2

  • SHA1

    4f28ad3bff859e2d5594dea03cd7069d24aee3e1

  • SHA256

    4dbbaaec27cce9dbeaa2a946c8526ef2cd32a9a0e38075ab7b1cc072e7cf058f

  • SHA512

    a3f3aad06dfe65c1bd469588906c905aea9547856a395f021b87f87e30f7d1dae69daca831c906645e228c210681f1d2a7d7a67290bd6d03d2786e4d69381bd0

  • SSDEEP

    384:4Nwz1E667gvnkZg3RidsOtX9FnjG5J1Gu0Ass7fEeF/iq/9:RE667g/OgTgyD7s+/d

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\1.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/828-58-0x000000001B2F0000-0x000000001B5D2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/828-59-0x00000000022E0000-0x00000000022E8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/828-60-0x0000000002490000-0x0000000002510000-memory.dmp

    Filesize

    512KB

    Download

  • memory/828-61-0x0000000002490000-0x0000000002510000-memory.dmp

    Filesize

    512KB

    Download

  • memory/828-62-0x0000000002490000-0x0000000002510000-memory.dmp

    Filesize

    512KB

    Download

  • memory/828-63-0x000000000249B000-0x00000000024D2000-memory.dmp

    Filesize

    220KB

    Download