Analysis

  • max time kernel
    118s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-08-2023 04:44

General

  • Target

    strings_ca.spk.ps1

  • Size

    99KB

  • MD5

    e8c7f3933164dcd6dd894299dcac3f9d

  • SHA1

    a4386c28a0bdc1537b5a01494bc04a2f183347a6

  • SHA256

    3d6d7a3be29e701872d4060cb714d62c8911ed575f9e015ef8efa98016575b40

  • SHA512

    a5340c144a5573bf956b306ed28001f408ac01b12a3334d0be43aaa2f28df0780db528ce61bb2fcbedd4788bacee16b73675b79e8c3506cedc50a3b88b926049

  • SSDEEP

    3072:P3gTUpVGDs4HihW5+HNHRcbTuzPWwP8NOWReWg:vgTUpVGLiWw7cXuawP8DReWg

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\strings_ca.spk.ps1
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2280

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2280-4-0x000000001B330000-0x000000001B612000-memory.dmp

    Filesize

    2.9MB

  • memory/2280-5-0x0000000002220000-0x0000000002228000-memory.dmp

    Filesize

    32KB

  • memory/2280-6-0x000007FEF5A20000-0x000007FEF63BD000-memory.dmp

    Filesize

    9.6MB

  • memory/2280-7-0x0000000002620000-0x00000000026A0000-memory.dmp

    Filesize

    512KB

  • memory/2280-8-0x000007FEF5A20000-0x000007FEF63BD000-memory.dmp

    Filesize

    9.6MB

  • memory/2280-9-0x0000000002620000-0x00000000026A0000-memory.dmp

    Filesize

    512KB

  • memory/2280-10-0x000007FEF5A20000-0x000007FEF63BD000-memory.dmp

    Filesize

    9.6MB

  • memory/2280-11-0x0000000002620000-0x00000000026A0000-memory.dmp

    Filesize

    512KB