554ad8f1363b269d4f215e090efe374ee06ce658597c04ef1ac01ab4bb7004e5

Analysis

max time kernel
270s
max time network
275s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2023, 19:40

Target

run.ps1
Size

31KB
MD5

6ed8dafbb202516cb1c1bd74193e1b98
SHA1

864a4e165493579064d20bbb14d4c0983cb5168a
SHA256

554ad8f1363b269d4f215e090efe374ee06ce658597c04ef1ac01ab4bb7004e5
SHA512

273f20f7a6cfb7eb73bb73ceca0e3e4c149714db21ceeec9a2c3a53dd8858efd6f2f8e7e82524ba1f9ff7538f2f01b098f127eb404b708af77f19335168899b5
SSDEEP

192:uU8vc8uhgpq7tN7Ct6U3ixZJpEAj/JB7vB4Ak3ixZJpEAj/JB7vB4Aw7IFQq7tNF:hcc8SgpqxNw6gcFQqxNw6

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
424	powershell.exe
424	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	424	powershell.exe

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_an4st34y.x1g.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/424-9-0x000001C246720000-0x000001C246742000-memory.dmp

Filesize
136KB

Download
memory/424-10-0x00007FF8A5130000-0x00007FF8A5BF1000-memory.dmp

Filesize
10.8MB

Download
memory/424-11-0x000001C246770000-0x000001C246780000-memory.dmp

Filesize
64KB

Download
memory/424-12-0x000001C246770000-0x000001C246780000-memory.dmp

Filesize
64KB

Download
memory/424-15-0x00007FF8A5130000-0x00007FF8A5BF1000-memory.dmp

Filesize
10.8MB

Download