Overview

overview

7

Static

static

3

calestial/...er.jar

windows7-x64

calestial/...er.jar

windows10-2004-x64

7

calestial/...cc.png

windows7-x64

3

calestial/...cc.png

windows10-2004-x64

3

calestial/...5b.ps1

windows7-x64

1

calestial/...5b.ps1

windows10-2004-x64

1

calestial/...36.ps1

windows7-x64

calestial/...36.ps1

windows10-2004-x64

1

calestial/...4e.ps1

windows7-x64

1

calestial/...4e.ps1

windows10-2004-x64

1

calestial/...dd.ps1

windows7-x64

1

calestial/...dd.ps1

windows10-2004-x64

1

calestial/...up.dll

windows7-x64

1

calestial/...up.dll

windows10-2004-x64

1

calestial/...-0.dll

windows10-2004-x64

1

calestial/...-0.dll

windows10-2004-x64

1

calestial/...-0.dll

windows10-2004-x64

calestial/...vm.dll

windows7-x64

1

calestial/...vm.dll

windows10-2004-x64

1

calestial/...en.dll

windows7-x64

1

calestial/...en.dll

windows10-2004-x64

1

calestial/...ge.dll

windows7-x64

1

calestial/...ge.dll

windows10-2004-x64

1

calestial/...pi.dll

windows7-x64

1

calestial/...pi.dll

windows10-2004-x64

calestial/...se.dll

windows10-2004-x64

1

calestial/...40.dll

windows7-x64

1

calestial/...40.dll

windows10-2004-x64

calestial/..._1.dll

windows7-x64

1

calestial/..._1.dll

windows10-2004-x64

1

calestial/...fy.dll

windows7-x64

1

calestial/...fy.dll

windows10-2004-x64

1

Resubmissions

04/11/2023, 09:57

231104-lzag5afc4t 7

04/11/2023, 09:39

231104-lmmlxsha43 7

07/09/2023, 18:41

230907-xb9svsda88 5

Analysis

  • max time kernel
    238s
  • max time network
    315s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
  • submitted
    04/11/2023, 09:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    calestial/assets/objects/c3/c3cd0db760c980287b26ef9c0894f66c4250724e.ps1

  • Size

    10KB

  • MD5

    78d3efc4abc7fda450d650b86e757992

  • SHA1

    c3cd0db760c980287b26ef9c0894f66c4250724e

  • SHA256

    fa7acce9893cd8ae274bf57453d782d825915e31999a21f0c38713116a100b45

  • SHA512

    2e835e0e7db5186c7405c4217c7979d444771b58bf263e652485def959e341c1343be1a353686d965a90d504150e5407a50f891fb2883f94a5865a2851e7ae93

  • SSDEEP

    192:gXDJomrimXOct5g6ksDLFtpfFSSu9z3LnjnM3SoOoKATzk2t74tfyQV:uimzp26F1ty/9LnjnVBAB7cH

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\calestial\assets\objects\c3\c3cd0db760c980287b26ef9c0894f66c4250724e.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2648-4-0x000000001B290000-0x000000001B572000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2648-5-0x000007FEF5CA0000-0x000007FEF663D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2648-6-0x00000000023F0000-0x0000000002470000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2648-7-0x00000000023F0000-0x0000000002470000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2648-8-0x00000000023F0000-0x0000000002470000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2648-9-0x0000000002490000-0x0000000002498000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2648-10-0x000007FEF5CA0000-0x000007FEF663D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2648-11-0x00000000023F0000-0x0000000002470000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2648-12-0x000007FEF5CA0000-0x000007FEF663D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2648-13-0x00000000023F0000-0x0000000002470000-memory.dmp

    Filesize

    512KB

    Download