514b825e8d9d620b33b1f394b360e0886e6577d0fc1f7914ff22f7e46d2aea4d

Analysis

max time kernel
141s
max time network
120s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
18/11/2023, 01:42 UTC

Target

e83b3fcdc3294e5417307d1591de5eb420d9afb8ca98859161efa7011aff5be6.ps1
Size

1KB
MD5

41ada0797867082ed9b08811a639f287
SHA1

60d01af5487b7e7d4a7ec793a557d046576d6dd0
SHA256

e83b3fcdc3294e5417307d1591de5eb420d9afb8ca98859161efa7011aff5be6
SHA512

4fac1a6b99c1dbbf0634f59538838bdb6019b58cdba6a6fdf9233b7bd7afb9663bc4d3a13ad04e948a4a08b8f7b228b5f35da42a6c1167a939f5445deb773d67

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2292	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2292	powershell.exe

memory/2292-4-0x000000001B340000-0x000000001B622000-memory.dmp

Filesize
2.9MB

Download
memory/2292-5-0x0000000002370000-0x0000000002378000-memory.dmp

Filesize
32KB

Download
memory/2292-6-0x000007FEF5FF0000-0x000007FEF698D000-memory.dmp

Filesize
9.6MB

Download
memory/2292-7-0x00000000029F0000-0x0000000002A70000-memory.dmp

Filesize
512KB

Download
memory/2292-8-0x00000000029F0000-0x0000000002A70000-memory.dmp

Filesize
512KB

Download
memory/2292-9-0x000007FEF5FF0000-0x000007FEF698D000-memory.dmp

Filesize
9.6MB

Download
memory/2292-10-0x00000000029F0000-0x0000000002A70000-memory.dmp

Filesize
512KB

Download
memory/2292-11-0x000007FEF5FF0000-0x000007FEF698D000-memory.dmp

Filesize
9.6MB

Download
memory/2292-12-0x00000000029F0000-0x0000000002A70000-memory.dmp

Filesize
512KB

Download
memory/2292-13-0x00000000029F0000-0x0000000002A70000-memory.dmp

Filesize
512KB

Download
memory/2292-14-0x00000000029F0000-0x0000000002A70000-memory.dmp

Filesize
512KB

Download
memory/2292-15-0x000007FEF5FF0000-0x000007FEF698D000-memory.dmp

Filesize
9.6MB

Download
memory/2292-16-0x00000000029F0000-0x0000000002A70000-memory.dmp

Filesize
512KB

Download