Overview

overview

1

Static

static

1

powerup.ps1

windows7-x64

1

powerup.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    21/07/2023, 17:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    powerup.ps1

  • Size

    549KB

  • MD5

    cb59602e92d598098849bee1b09ad02f

  • SHA1

    1b388ecae9c1d406dd1fda5b92866454b3afd0c4

  • SHA256

    c3f46f03307e72f72131e720d119d092dfeb6d850767454818bc467055b8166c

  • SHA512

    26263c71ea09de612b779a36e0a31f585dd60359919df44ba13b91a14c4dc6343009e8bfab13a7a8b3855ec498723396a9d5af9909e644b6c25eae01f6783d44

  • SSDEEP

    12288:wW2uj+olFhHYN/ugijQtX5I7Soo9/7Y3tkYed3OaXUfL4kqRgBtufTT+ECMJG:wW2DolFhHYN/ugijQtX5I+/7Y3tkYyRA

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\powerup.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2024

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2024-57-0x000000001B290000-0x000000001B572000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/2024-58-0x000007FEF57C0000-0x000007FEF615D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2024-60-0x0000000002A30000-0x0000000002AB0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2024-59-0x0000000002310000-0x0000000002318000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2024-61-0x0000000002A30000-0x0000000002AB0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2024-62-0x0000000002A30000-0x0000000002AB0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2024-63-0x000007FEF57C0000-0x000007FEF615D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2024-64-0x0000000002A30000-0x0000000002AB0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2024-65-0x000007FEF57C0000-0x000007FEF615D000-memory.dmp

          Filesize

          9.6MB

          Download