10aa01e6acc8c86625168daa361c5516b24ca66b3435817ab589446b330850e2

Analysis

max time kernel
148s
max time network
278s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
07-10-2023 23:48

Target

dedfdbf894e736445856712b064fef67.ps1
Size

671KB
MD5

892eec08beb3826a4cf03aa9b5c9d56b
SHA1

f8743840f3e4484a379a82b56e94b6e2a40dbf8e
SHA256

89547de466957bf0b490c7c09a8d73537a8207536b81b7c4d9be81e3320e7eb3
SHA512

89e7fc5b2d20e171d3641b7a4414e76151864fa794ed16a35ac8f7803d1b156589f5b022028cdf0e4c08b38e5753d1de2c18b645775fb12413fa21d2325d0266
SSDEEP

12288:fqx9ibOdCZ1lrcirEQgEJaP21Ywznl5v4QjkzbLc+8diPE:fEc6dCZzcirEQgE51YGnl5vxI/Lc+8dd

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
552	powershell.exe
552	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	552	powershell.exe

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_szxs4nj1.h0q.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/552-2-0x0000020A7BC70000-0x0000020A7BC92000-memory.dmp

Filesize
136KB

Download
memory/552-10-0x00007FFD37920000-0x00007FFD383E1000-memory.dmp

Filesize
10.8MB

Download
memory/552-11-0x0000020A7C2B0000-0x0000020A7C2C0000-memory.dmp

Filesize
64KB

Download
memory/552-12-0x0000020A7C2B0000-0x0000020A7C2C0000-memory.dmp

Filesize
64KB

Download
memory/552-15-0x00007FFD37920000-0x00007FFD383E1000-memory.dmp

Filesize
10.8MB

Download