0cf956f28571a4236d37ba1811d9d484e7848dc52ff5e9dc44c27b330621ef78

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
30/06/2023, 12:44

Target

geQkY07V.ps1
Size

393B
MD5

b36331be1b1deb5bb4701a7cdd75e68a
SHA1

72cc0986a6abb77f1e3cadece22e3170731b0704
SHA256

0cf956f28571a4236d37ba1811d9d484e7848dc52ff5e9dc44c27b330621ef78
SHA512

8636cea76328d04911b029e0b3c15d8cea77d8724a1bca94c4885119ca98060b6b9e3ad4064d6d797146e28c38e4d0c063aec08b90f62302e4ff5332f77abc84

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1712	powershell.exe
652	powershell.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1712	powershell.exe
Token: SeDebugPrivilege	652	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 652	1712	powershell.exe	29
PID 1712 wrote to memory of 652	1712	powershell.exe	29
PID 1712 wrote to memory of 652	1712	powershell.exe	29

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
620973f41fe888925be4635077f5e0af

SHA1
eab7b16af4798a2f92a69ce672fd75b8a8bfa34e

SHA256
2119ae33f32de403e01c69c4ba89babe986a33d62e58fd59547c857612b4b16a

SHA512
8d82b111d3ff7ae0bdb7936a585bdb4c59c05ba4bb1428456de437ef55db4997b49fde97bd9b790396e1c0236e3bacc678c80c1a18a415002a2de6b2eb6528f2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5A7NBGM19RGJ076NDY78.temp

Filesize
7KB

MD5
620973f41fe888925be4635077f5e0af

SHA1
eab7b16af4798a2f92a69ce672fd75b8a8bfa34e

SHA256
2119ae33f32de403e01c69c4ba89babe986a33d62e58fd59547c857612b4b16a

SHA512
8d82b111d3ff7ae0bdb7936a585bdb4c59c05ba4bb1428456de437ef55db4997b49fde97bd9b790396e1c0236e3bacc678c80c1a18a415002a2de6b2eb6528f2

Download Submit
memory/652-67-0x0000000002964000-0x0000000002967000-memory.dmp

Filesize
12KB

Download
memory/652-68-0x000000000296B000-0x00000000029A2000-memory.dmp

Filesize
220KB

Download
memory/1712-58-0x000000001B200000-0x000000001B4E2000-memory.dmp

Filesize
2.9MB

Download
memory/1712-59-0x00000000022F0000-0x00000000022F8000-memory.dmp

Filesize
32KB

Download
memory/1712-60-0x00000000027E0000-0x0000000002860000-memory.dmp

Filesize
512KB

Download
memory/1712-61-0x00000000027E0000-0x0000000002860000-memory.dmp

Filesize
512KB

Download