Overview

overview

1

Static

static

1

file.ps1

windows7-x64

1

file.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    4s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    11/07/2023, 19:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    file.ps1

  • Size

    12B

  • MD5

    6895fd3d1043bf8f962afcca26164c24

  • SHA1

    6c4d20ea5b01f38745337fff8245aa2efd706e1c

  • SHA256

    b9355649973eb203250d2e680fb4371bbc44793e11ad24abffd05d4d97593cfe

  • SHA512

    095619fb7a0802c83e49349cc0361cfe708fc3d68233a0b214dd7ed436af822d0426fffcf0630a7591554f1d5e359fc615e436dbd1fb09549cfae517f2936cfb

Score
1/10

Malware Config

Signatures

  • Gathers system information 1 TTPs 1 IoCs

    Runs systeminfo.exe.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\file.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Windows\system32\systeminfo.exe
      "C:\Windows\system32\systeminfo.exe"
      2⤵
      • Gathers system information
      PID:3052

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2388-58-0x000000001B3A0000-0x000000001B682000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/2388-59-0x0000000001E20000-0x0000000001E28000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2388-60-0x0000000002810000-0x0000000002890000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2388-61-0x0000000002810000-0x0000000002890000-memory.dmp

          Filesize

          512KB

          Download