c1bfd7bae65c6f46a8d512dd23a522d495e9a58a91d43bd1b43251e935a5acd3

Analysis

max time kernel
154s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 11:27

Target

Panel/Panel/builder/upload.ps1
Size

2KB
MD5

e2deddb8a45ce596310936c38ea7854b
SHA1

397d426aaab00cc0b965363ef241568c5b4a2f31
SHA256

907cf46a4c7cfff82e3cb992b17a76a52a7c587121b1092d7e79b5a26f2c83da
SHA512

f822cce50dfbaabdd96b2e45063407795b02a92cec4bf990ddcac7a416e0483eb538359b924490fdf90c651d98214f027a0a9dc28f7a84270c2013416ad802d3

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

powershell.exe

pid	Process
4888	powershell.exe
4888	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description	pid	Process
Token: SeDebugPrivilege	4888	powershell.exe

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_suehwple.t4y.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/4888-9-0x000002E47D880000-0x000002E47D8A2000-memory.dmp

Filesize
136KB

Download
memory/4888-12-0x00007FFBFC7C0000-0x00007FFBFD281000-memory.dmp

Filesize
10.8MB

Download
memory/4888-13-0x00007FFBFC7C0000-0x00007FFBFD281000-memory.dmp

Filesize
10.8MB

Download