Overview

overview

5

Static

static

1

script.ps1

windows7-x64

5

script.ps1

android-9-x86

script.ps1

android-10-x64

script.ps1

android-11-x64

script.ps1

macos-10.15-amd64

Analysis

  • max time kernel
    122s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    15/10/2023, 23:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    script.ps1

  • Size

    12B

  • MD5

    a9cc59a923a7097133d81844b71e601d

  • SHA1

    c37893da65e654326e29d44c51ef18949de519f6

  • SHA256

    358cc93f7731e36c49f6cc396b1f12856310009ca839e79aaad4befaf162abd8

  • SHA512

    f4f01aea122b357c77d51db4a22d62ccf9095769ad0ea2ae5c51f39ca60562af182082d3ec0a58eb003960e00154d8492a44f890867db2578aecd7b9097885c0

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\script.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1256
    • C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\system32\services.msc"
      2⤵
      • Drops file in System32 directory
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1256-4-0x000000001B4C0000-0x000000001B7A2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1256-5-0x00000000020A0000-0x00000000020A8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1256-6-0x000007FEF4EA0000-0x000007FEF583D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1256-7-0x000007FEF4EA0000-0x000007FEF583D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1256-9-0x0000000002940000-0x00000000029C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1256-8-0x0000000002940000-0x00000000029C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1256-10-0x0000000002940000-0x00000000029C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1256-11-0x0000000002940000-0x00000000029C0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1256-12-0x000007FEF4EA0000-0x000007FEF583D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2796-13-0x00000000021F0000-0x00000000021F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2796-15-0x00000000021F0000-0x00000000021F1000-memory.dmp

    Filesize

    4KB

    Download