44925dd82dbf3eeba37d54ee0a72454d31a1f1b1b0960546c89ae96f6cf4a13c

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
23-11-2023 18:21

Target

file.ps1
Size

14B
MD5

b30aeb28cccf460baa3f491947a1bf30
SHA1

83b14ac457e3471e39b79cf0ff6da176d9aba1cb
SHA256

44925dd82dbf3eeba37d54ee0a72454d31a1f1b1b0960546c89ae96f6cf4a13c
SHA512

a596b279d8acf27dce8a29efddfebe878d356453a1679f12a52c25a2ce49e90d290276f7d2967b686825b6f5bab2954e19a6fc64d7737cd54566dc555c8ea6c7

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2780	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2780	powershell.exe

memory/2780-4-0x000000001B3A0000-0x000000001B682000-memory.dmp

Filesize
2.9MB

Download
memory/2780-6-0x000007FEF53D0000-0x000007FEF5D6D000-memory.dmp

Filesize
9.6MB

Download
memory/2780-7-0x0000000002640000-0x00000000026C0000-memory.dmp

Filesize
512KB

Download
memory/2780-5-0x00000000023E0000-0x00000000023E8000-memory.dmp

Filesize
32KB

Download
memory/2780-8-0x000007FEF53D0000-0x000007FEF5D6D000-memory.dmp

Filesize
9.6MB

Download
memory/2780-9-0x0000000002640000-0x00000000026C0000-memory.dmp

Filesize
512KB

Download
memory/2780-10-0x0000000002640000-0x00000000026C0000-memory.dmp

Filesize
512KB

Download
memory/2780-11-0x000007FEF53D0000-0x000007FEF5D6D000-memory.dmp

Filesize
9.6MB

Download