Analysis

  • max time kernel
    28s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-07-2023 17:33

General

  • Target
    f5c90249213ca4eaffb2d00a3d9869bf2a08a49f05b76c598a9fbfbbd24c91da.ps1
  • Size
    4KB
  • MD5
    17629abcba0bbd13cd1e5a7292d01759
  • SHA1
    e9ebac1e0ffc2b9ea5a2852e8a5cde3fb44af632
  • SHA256
    f5c90249213ca4eaffb2d00a3d9869bf2a08a49f05b76c598a9fbfbbd24c91da
  • SHA512
    2068a7ce39fc146ace7ae59e04ed653b506fb987fa66adf5237096e3053c5c5d98d27233f7d7317d702003e616c932dfd77962808eba4a9da3095507bf800b9f
  • SSDEEP
    96:1+2XzWbGzX83qQisqUqQAseub37D1cWgB+ackC:1NjWSU1iM1AgcWgBsn

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\f5c90249213ca4eaffb2d00a3d9869bf2a08a49f05b76c598a9fbfbbd24c91da.ps1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1352
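
The launch above is the only process the sandbox recorded, and its command line already carries the two features a detection engineer keys on: the execution policy is overridden with -ExecutionPolicy bypass, and the script runs from a user-writable temp directory. The following is an added example, not part of this report and not the sandbox's own signature logic: a small process-creation rule in Python run over constructed Sysmon-style events. The first event reproduces the command line from the report; the other three are made up here to show a benign launch, a more evasive one, and a non-PowerShell process.

```python
import re
from pathlib import PureWindowsPath

# Constructed process-creation events (image + command line). Event 1352 copies the
# command line from the report above; the others are invented for this example.
EVENTS = [
    {"pid": 1352,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\f5c90249213ca4eaffb2d00a3d9869bf2a08a49f05b76c598a9fbfbbd24c91da.ps1"},
    {"pid": 2001,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -File C:\ProgramData\Scripts\inventory.ps1"},
    {"pid": 2002,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ep Bypass -NoP -W Hidden -File C:\Users\Admin\Downloads\update.ps1"},
    {"pid": 2003,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c dir"},
]

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}
WEAK_POLICIES = {"bypass", "unrestricted"}
# Directories a standard user can write to; a .ps1 launched from one of these with
# the policy overridden is the pattern seen in the report.
USER_WRITABLE = re.compile(
    r"\\(AppData\\Local\\Temp|Downloads|Windows\\Temp|Users\\Public)\\", re.I)


def _tokens(cmdline):
    # Split on whitespace but keep double-quoted arguments together.
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def _is_execpolicy_switch(tok):
    # powershell.exe accepts any unambiguous prefix of -ExecutionPolicy (-ex, -exec, ...)
    # and the documented short form -ep.
    if not tok.startswith(("-", "/")):
        return False
    t = tok.lstrip("-/").lower()
    return t == "ep" or (len(t) >= 2 and "executionpolicy".startswith(t))


def evaluate(event):
    """Return the list of reasons this process-creation event is suspicious."""
    reasons = []
    if PureWindowsPath(event["image"]).name.lower() not in POWERSHELL_IMAGES:
        return reasons
    toks = _tokens(event["cmdline"])
    for i, tok in enumerate(toks):
        nxt = toks[i + 1].lower() if i + 1 < len(toks) else ""
        if _is_execpolicy_switch(tok) and nxt in WEAK_POLICIES:
            reasons.append("execution-policy-bypass")
        low = tok.lstrip("-/").lower() if tok.startswith(("-", "/")) else ""
        if low in ("w", "windowstyle") and nxt == "hidden":
            reasons.append("hidden-window")
        if low in ("f", "file") and i + 1 < len(toks) and USER_WRITABLE.search(toks[i + 1]):
            reasons.append("script-in-user-writable-dir")
    return reasons


def scan(events):
    """Map PID -> reasons for every event that triggers at least one reason."""
    return {e["pid"]: r for e in events if (r := evaluate(e))}


if __name__ == "__main__":
    for pid, reasons in scan(EVENTS).items():
        print(pid, ", ".join(reasons))
```

The rule deliberately scores the combination rather than either feature alone: a signed inventory script run with -NoProfile from ProgramData is left alone, while a policy override plus a script under Temp or Downloads (the report's case) is flagged. In production the same logic would take Sysmon Event ID 4688/1 command lines rather than the constructed list.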

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1352-58-0x000000001B2E0000-0x000000001B5C2000-memory.dmp
    Filesize: 2.9MB
  • memory/1352-59-0x0000000002290000-0x0000000002298000-memory.dmp
    Filesize: 32KB
  • memory/1352-60-0x00000000024A0000-0x0000000002520000-memory.dmp
    Filesize: 512KB
  • memory/1352-61-0x00000000024A0000-0x0000000002520000-memory.dmp
    Filesize: 512KB
  • memory/1352-62-0x00000000024A0000-0x0000000002520000-memory.dmp
    Filesize: 512KB
  • memory/1352-63-0x00000000024A0000-0x0000000002520000-memory.dmp
    Filesize: 512KB
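
Each dump name above encodes the PID, a capture sequence number and the start and end address of the region that was written out, so the listed sizes can be checked against the address ranges without downloading anything, and repeated captures of the same region stand out. The Python below is an added example, not part of the report and not the sandbox's tooling; it parses the six names copied from the list, recomputes each size in the report's own rounding, and groups captures that cover the same range.

```python
import re
from collections import Counter

# Dump names and reported sizes copied from the Downloads list of this report.
DUMPS = [
    ("memory/1352-58-0x000000001B2E0000-0x000000001B5C2000-memory.dmp", "2.9MB"),
    ("memory/1352-59-0x0000000002290000-0x0000000002298000-memory.dmp", "32KB"),
    ("memory/1352-60-0x00000000024A0000-0x0000000002520000-memory.dmp", "512KB"),
    ("memory/1352-61-0x00000000024A0000-0x0000000002520000-memory.dmp", "512KB"),
    ("memory/1352-62-0x00000000024A0000-0x0000000002520000-memory.dmp", "512KB"),
    ("memory/1352-63-0x00000000024A0000-0x0000000002520000-memory.dmp", "512KB"),
]

# memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp (assumed layout, read off the names above)
NAME_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")


def parse_dump_name(name):
    """Break a dump file name into pid, sequence number, address range and byte size."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def human_size(n):
    # Report-style rounding: whole KB below 1 MiB, one decimal MB at or above it.
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    return f"{n // 1024}KB"


def check(dumps):
    """Parse every name and record whether the reported size matches the address range."""
    out = []
    for name, reported in dumps:
        d = parse_dump_name(name)
        d.update(name=name, reported=reported,
                 size_matches=(human_size(d["size"]) == reported))
        out.append(d)
    return out


def repeated_regions(parsed):
    """Map (pid, start, end) -> count for ranges captured more than once."""
    c = Counter((d["pid"], d["start"], d["end"]) for d in parsed)
    return {k: v for k, v in c.items() if v > 1}


if __name__ == "__main__":
    parsed = check(DUMPS)
    for d in parsed:
        flag = "ok" if d["size_matches"] else "MISMATCH"
        print(f"seq {d['seq']}: 0x{d['start']:X}-0x{d['end']:X} {human_size(d['size'])} ({flag})")
    for (pid, s, e), n in repeated_regions(parsed).items():
        print(f"pid {pid}: region 0x{s:X}-0x{e:X} captured {n} times")
```

For this report every listed size agrees with its address range (0x2E2000 bytes rounds to 2.9MB, 0x8000 is 32KB, 0x80000 is 512KB), and the 512KB region at 0x24A0000 was captured four times in succession (seq 60 to 63). Those four files are the ones to diff against each other when triaging, since successive captures of one range are how the sandbox records a region being rewritten over time; the names alone say nothing about what the region holds.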