Overview

overview

10

Static

static

3

38e2e62159...f0.exe

windows7-x64

1

38e2e62159...f0.exe

windows10-2004-x64

1

404967d9e5...97.ps1

windows7-x64

1

404967d9e5...97.ps1

windows10-2004-x64

10

4c09176981...b0.exe

windows7-x64

1

4c09176981...b0.exe

windows10-2004-x64

3

5677616933...f8.exe

windows7-x64

3

5677616933...f8.exe

windows10-2004-x64

3

5c72bdbde9...05.exe

windows7-x64

3

5c72bdbde9...05.exe

windows10-2004-x64

3

843c440786...d5.pdf

windows7-x64

1

843c440786...d5.pdf

windows10-2004-x64

1

9859a4209a...e7.bat

windows7-x64

7

9859a4209a...e7.bat

windows10-2004-x64

7

Global B s...or.exe

windows7-x64

4

Global B s...or.exe

windows10-2004-x64

4

a713b4f480...f4.exe

windows7-x64

3

a713b4f480...f4.exe

windows10-2004-x64

3

aeb663f8d0...c6.exe

windows7-x64

3

aeb663f8d0...c6.exe

windows10-2004-x64

3

b029b40bad...7f.msi

windows7-x64

7

b029b40bad...7f.msi

windows10-2004-x64

7

c98083c89b...350.js

windows7-x64

10

c98083c89b...350.js

windows10-2004-x64

10

ce7a72d234...c4.exe

windows7-x64

1

ce7a72d234...c4.exe

windows10-2004-x64

1

dc1bab58ae...58.vbs

windows7-x64

1

dc1bab58ae...58.vbs

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11-10-2023 11:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    404967d9e5bf0c8c4158e88c8df50c913c334e62d54c9de0f1dbd1bf5da57497.ps1

  • Size

    437KB

  • MD5

    4d238bb8bfad4e8ccc3343ea91da991e

  • SHA1

    a502910cb686be7a6fc9ce76a40078fb5d36f6da

  • SHA256

    404967d9e5bf0c8c4158e88c8df50c913c334e62d54c9de0f1dbd1bf5da57497

  • SHA512

    3f53c43e85bd189547a439734d147cb73f4400dc895562e1aa7c33f90e454f3f4e458be7e9bad2e1c8526aa0702975940747f2ced8709a298cb4544d0eb9dae3

  • SSDEEP

    3072:o1AJasaQ315U3Apg4ypzUeE6Ue+VM8fpBTUv1vZuWQI2:o1AJH315U3Apg0VNRBRWQI2

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\404967d9e5bf0c8c4158e88c8df50c913c334e62d54c9de0f1dbd1bf5da57497.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2220-5-0x000007FEF5600000-0x000007FEF5F9D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2220-4-0x000000001B0D0000-0x000000001B3B2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2220-7-0x0000000002220000-0x0000000002228000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2220-6-0x0000000002620000-0x00000000026A0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2220-9-0x0000000002620000-0x00000000026A0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2220-10-0x000007FEF5600000-0x000007FEF5F9D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2220-8-0x0000000002620000-0x00000000026A0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2220-11-0x0000000002620000-0x00000000026A0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2220-12-0x000007FEF5600000-0x000007FEF5F9D000-memory.dmp

    Filesize

    9.6MB

    Download