Analysis

  • max time kernel
    124s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-08-2023 04:44

General

  • Target

    strings_ca.spk.ps1

  • Size

    99KB

  • MD5

    e8c7f3933164dcd6dd894299dcac3f9d

  • SHA1

    a4386c28a0bdc1537b5a01494bc04a2f183347a6

  • SHA256

    3d6d7a3be29e701872d4060cb714d62c8911ed575f9e015ef8efa98016575b40

  • SHA512

    a5340c144a5573bf956b306ed28001f408ac01b12a3334d0be43aaa2f28df0780db528ce61bb2fcbedd4788bacee16b73675b79e8c3506cedc50a3b88b926049

  • SSDEEP

    3072:P3gTUpVGDs4HihW5+HNHRcbTuzPWwP8NOWReWg:vgTUpVGLiWw7cXuawP8DReWg

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\strings_ca.spk.ps1
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4404

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bf0wvsqs.4r0.ps1

    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

  • memory/4404-8-0x00000125041E0000-0x0000012504202000-memory.dmp

    Filesize

    136KB

  • memory/4404-12-0x00007FFD205F0000-0x00007FFD210B1000-memory.dmp

    Filesize

    10.8MB

  • memory/4404-13-0x00007FFD205F0000-0x00007FFD210B1000-memory.dmp

    Filesize

    10.8MB