Overview

overview

10

Static

static

1

ReklamX.bat

windows7-x64

1

ReklamX.bat

windows10-2004-x64

1

ReklamX.ps1

windows7-x64

1

ReklamX.ps1

windows10-2004-x64

10

ReklamX.vbs

windows7-x64

1

ReklamX.vbs

windows10-2004-x64

1

ini.bat

windows7-x64

1

ini.bat

windows10-2004-x64

1

ini.ps1

windows7-x64

1

ini.ps1

windows10-2004-x64

1

ini.vbs

windows7-x64

3

ini.vbs

windows10-2004-x64

3

Analysis

  • max time kernel
    14s
  • max time network
    36s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    06-10-2023 14:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ReklamX.ps1

  • Size

    223KB

  • MD5

    ab2a1f573270f0745562ea5c4c872392

  • SHA1

    e6e852b2b898a4a587fb8244cb2c0f8c70002c83

  • SHA256

    ef7b8582cd02a9bcb90c8474391b4f6656ecfd716abbe88574476b2abda06f33

  • SHA512

    c6bb4874a4fda0672422451b97ec825de5b5b2b06f83d0c2dfe27b67d29734560247ea20ed758cb781fec786a628d11e050d81f421e8cc56eb64403869d89778

  • SSDEEP

    3072:tYe4kBysU1WH9MRHmo957JwI8/VC1JjQdMhvSWm8+B0RjcGd1F9h/IleqxEAY5cp:6e4kY1WH9SGo957KViJjQdMhvFuX

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\ReklamX.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2120-4-0x000000001B360000-0x000000001B642000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2120-6-0x0000000002460000-0x0000000002468000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2120-5-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2120-7-0x0000000002AC0000-0x0000000002B40000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2120-8-0x0000000002AC0000-0x0000000002B40000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2120-9-0x0000000002AC0000-0x0000000002B40000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2120-10-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2120-11-0x0000000002AC0000-0x0000000002B40000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2120-13-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2120-12-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2120-14-0x0000000002AC0000-0x0000000002B40000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2120-15-0x0000000002AC0000-0x0000000002B40000-memory.dmp

    Filesize

    512KB

    Download