Overview

overview

8

Static

static

1

8.ps1

windows7-x64

8.ps1

windows10-2004-x64

Analysis

  • max time kernel
    24s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230831-es
  • resource tags

    arch:x64arch:x86image:win7-20230831-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    20/09/2023, 22:38

Sharing

Copy URL Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    8.ps1

  • Size

    19KB

  • MD5

    1a5c933e83fc3395e8e5f737df0be1de

  • SHA1

    c1b72ce34210b50699c729a403683e31a87970af

  • SHA256

    50fdd1a3a1fdccbe8a57ffdeed3f550398187f8de66e79d36e48dc0eb49fd2e7

  • SHA512

    698d9c0657ac978362be8c0c1aba23e72e1469073354f1e3a8b8e40fc79affc0383f4bfa4161e377d4304b314a8b03721efb9414413c13489addb7580718785c

  • SSDEEP

    384:QcyvJvDCNrr2YyHEHaeizHlf2GkxUtJNzw5ARMthKqsvvvhUvhkvkNp8mpdIc+ZW:QcyvJvDCNrr2Yyk6eizFf2GkxUtJNYtH

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Drops startup file 5 IoCs
  • Modifies registry class 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\8.ps1
    1⤵
    • Blocklisted process makes network request
    • Drops startup file
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Windows\system32\shutdown.exe
      "C:\Windows\system32\shutdown.exe" /r /t 10
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2892
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:2628
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:2312

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2312-41-0x0000000002760000-0x0000000002761000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2436-14-0x0000000002680000-0x0000000002688000-memory.dmp

              Filesize

              32KB

              Download

            • memory/2436-5-0x0000000002440000-0x0000000002448000-memory.dmp

              Filesize

              32KB

              Download

            • memory/2436-7-0x00000000024E0000-0x00000000024EE000-memory.dmp

              Filesize

              56KB

              Download

            • memory/2436-8-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

              Filesize

              9.6MB

              Download

            • memory/2436-11-0x00000000026A0000-0x0000000002720000-memory.dmp

              Filesize

              512KB

              Download

            • memory/2436-10-0x000000001B640000-0x000000001B686000-memory.dmp

              Filesize

              280KB

              Download

            • memory/2436-12-0x00000000026A0000-0x0000000002720000-memory.dmp

              Filesize

              512KB

              Download

            • memory/2436-9-0x00000000026A0000-0x0000000002720000-memory.dmp

              Filesize

              512KB

              Download

            • memory/2436-4-0x000000001B300000-0x000000001B5E2000-memory.dmp

              Filesize

              2.9MB

              Download

            • memory/2436-13-0x0000000002670000-0x000000000267A000-memory.dmp

              Filesize

              40KB

              Download

            • memory/2436-17-0x0000000002730000-0x000000000273C000-memory.dmp

              Filesize

              48KB

              Download

            • memory/2436-16-0x000000001BA90000-0x000000001BADE000-memory.dmp

              Filesize

              312KB

              Download

            • memory/2436-15-0x00000000026A0000-0x0000000002720000-memory.dmp

              Filesize

              512KB

              Download

            • memory/2436-30-0x000000001BB80000-0x000000001BB90000-memory.dmp

              Filesize

              64KB

              Download

            • memory/2436-33-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

              Filesize

              9.6MB

              Download

            • memory/2436-34-0x00000000026A0000-0x0000000002720000-memory.dmp

              Filesize

              512KB

              Download

            • memory/2436-35-0x00000000026A0000-0x0000000002720000-memory.dmp

              Filesize

              512KB

              Download

            • memory/2436-39-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

              Filesize

              9.6MB

              Download

            • memory/2436-6-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

              Filesize

              9.6MB

              Download

            • memory/2628-40-0x00000000028C0000-0x00000000028C1000-memory.dmp

              Filesize

              4KB

              Download