Overview

overview

8

Static

static

1

Cubabghabe...s1.ps1

windows7-x64

8

Cubabghabe...s1.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    11-08-2023 18:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Cubabghabefajj1_browsingPs1.ps1

  • Size

    412KB

  • MD5

    7d82030186936aa9fb21256d9593d992

  • SHA1

    09e04ba053edcf4ca38541cbd735568945a5948d

  • SHA256

    61971d3cbf88d6658e5209de443e212100afc8f033057d9a4e79000f6f0f7cc4

  • SHA512

    74978174cf7f3cdd7c06b316d91574d54c30dc151fab7fa197e3a551d2e4f61cdac40b77743b395fa92a2a4d7655a9b57cccb1052848ee5f9d050255b6929f91

  • SSDEEP

    3072:i6wwAIat9XZ6a2je16wwAIat9XZ6a2jei96wwAIat9XZ6a2jeigYL6wwAIat9XZ+:M1JSw1JSf1JS/1JSO1JS51JSo1JSU

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Cubabghabefajj1_browsingPs1.ps1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/628-58-0x000000001B1D0000-0x000000001B4B2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/628-59-0x0000000002550000-0x0000000002558000-memory.dmp

    Filesize

    32KB

    Download

  • memory/628-60-0x000007FEF5570000-0x000007FEF5F0D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/628-61-0x000007FEF5570000-0x000007FEF5F0D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/628-64-0x00000000027F0000-0x0000000002870000-memory.dmp

    Filesize

    512KB

    Download

  • memory/628-63-0x00000000027F0000-0x0000000002870000-memory.dmp

    Filesize

    512KB

    Download

  • memory/628-62-0x00000000027F0000-0x0000000002870000-memory.dmp

    Filesize

    512KB

    Download

  • memory/628-65-0x00000000027F0000-0x0000000002870000-memory.dmp

    Filesize

    512KB

    Download

  • memory/628-66-0x000007FEF5570000-0x000007FEF5F0D000-memory.dmp

    Filesize

    9.6MB

    Download