Overview

overview

1

Static

static

1

download.ps1

windows7-x64

1

download.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    29s
  • max time network
    37s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2023, 12:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    download.ps1

  • Size

    5KB

  • MD5

    599f756bb7851ff3cca4267e067ad97c

  • SHA1

    7d361e479969a52908c0695a602749d93b68bf1e

  • SHA256

    83d931b40ed11c38e2a0208307e4810f4d020fd907c4e575f08c226b96bfe9f3

  • SHA512

    df4fa968e46fb1763c672fcf2636dffb1428a80b2fa35a6a60a3dfcc68f505432501eb30891e34efa2b85eb2f934bfda8b8a54087f219387b2a4854e182b14d7

  • SSDEEP

    96:IkelRvOw16o95FwZBOPtLj+0Y/AVlnQW9ERPwxzKMb2iqirN585+MOXeNT7ZXK0:7elf1rufc+r/AnnQW9ERPwx2MiiqiZ/Q

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\download.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1636

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1636-4-0x000000001B220000-0x000000001B502000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/1636-5-0x0000000002480000-0x0000000002488000-memory.dmp

          Filesize

          32KB

          Download

        • memory/1636-6-0x000007FEF59F0000-0x000007FEF638D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1636-7-0x0000000002820000-0x00000000028A0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/1636-8-0x0000000002820000-0x00000000028A0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/1636-9-0x0000000002820000-0x00000000028A0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/1636-10-0x000007FEF59F0000-0x000007FEF638D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1636-11-0x000007FEF59F0000-0x000007FEF638D000-memory.dmp

          Filesize

          9.6MB

          Download