Overview

overview

10

Static

static

1

PMOy4QqKcU...PF.zip

windows7-x64

1

PMOy4QqKcU...PF.zip

windows10-2004-x64

1

1.bat

windows7-x64

1

1.bat

windows10-2004-x64

1

detonator.cmd

windows7-x64

4

detonator.cmd

windows10-2004-x64

7

dqjg.ps1

windows7-x64

1

dqjg.ps1

windows10-2004-x64

1

dqjg.vbs

windows7-x64

1

dqjg.vbs

windows10-2004-x64

3

th5rk551.uku.ps1

windows7-x64

1

th5rk551.uku.ps1

windows10-2004-x64

1

vuso.ps1

windows7-x64

1

vuso.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    28s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    04-07-2023 13:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vuso.ps1

  • Size

    154KB

  • MD5

    07f743d7d5bff6f276abdf9c782e3f91

  • SHA1

    7dd2d5f5e1a7857b7173629139a7d1916b3977b2

  • SHA256

    3aa145e796c24355657a378a74fcde3edd401736b75ec6446c085f813069c5d9

  • SHA512

    357b9da6abf72319ddd7cd917e1deb36bf149c96388cfc7500c7cf0d321aba8dfcde8fb61f66e8128b5308330f27687d60d073b236a436994b33427ef60d2490

  • SSDEEP

    3072:xpNVyYnJt0WOUkX6U1O315T3Apmf+QIQG:xpmYnz03Uk2315T3Apmf+QI7

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\vuso.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1352-58-0x000000001B060000-0x000000001B342000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1352-59-0x0000000002390000-0x0000000002398000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1352-60-0x00000000027A0000-0x0000000002820000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1352-62-0x00000000027A0000-0x0000000002820000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1352-61-0x00000000027A0000-0x0000000002820000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1352-63-0x00000000027AB000-0x00000000027E2000-memory.dmp

    Filesize

    220KB

    Download