Overview

overview

1

Static

static

1

qux/action/load.ps1

windows7-x64

1

qux/action/load.ps1

windows10-2004-x64

1

qux/error.html

windows7-x64

1

qux/error.html

windows10-2004-x64

1

qux/footer.js

windows7-x64

1

qux/footer.js

windows10-2004-x64

1

qux/func/forum.ps1

windows7-x64

1

qux/func/forum.ps1

windows10-2004-x64

1

qux/func/f...min.js

windows7-x64

1

qux/func/f...min.js

windows10-2004-x64

1

qux/func/functions.js

windows7-x64

1

qux/func/functions.js

windows10-2004-x64

1

qux/func/ip2c/ip2c.js

windows7-x64

1

qux/func/ip2c/ip2c.js

windows10-2004-x64

1

qux/func/p...ode.js

windows7-x64

1

qux/func/p...ode.js

windows10-2004-x64

1

qux/func/shop.ps1

windows7-x64

1

qux/func/shop.ps1

windows10-2004-x64

1

qux/func/timthumb.ps1

windows7-x64

1

qux/func/timthumb.ps1

windows10-2004-x64

1

qux/func/t...ike.js

windows7-x64

1

qux/func/t...ike.js

windows10-2004-x64

1

qux/func/t...ror.js

windows7-x64

1

qux/func/t...ror.js

windows10-2004-x64

1

qux/func/t...css.js

windows7-x64

1

qux/func/t...css.js

windows10-2004-x64

1

qux/func/t...xed.js

windows7-x64

1

qux/func/t...xed.js

windows10-2004-x64

1

qux/func/t...ipt.js

windows7-x64

1

qux/func/t...ipt.js

windows10-2004-x64

1

qux/func/t...php.js

windows7-x64

1

qux/func/t...php.js

windows10-2004-x64

1

Analysis

  • max time kernel
    138s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-11-2023 20:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    qux/func/shop.ps1

  • Size

    53KB

  • MD5

    7ffd0fb640007f4625f1e3ba735521b3

  • SHA1

    64f54d1e0a6f279a7f7858c5408b75ff15fb07f7

  • SHA256

    f241a83818703c69584495719b152dea916abd9e6941fcb30610ad7a4f8881b1

  • SHA512

    1e6cead0455c9f5cde50b5e7b958c526543e619d3c2c63c2363f2dca3a30cebb0e85a0efa3c223cc7b8d7ae7e56a2fc65fc6a3297fc2ec650a8f9544b64ab892

  • SSDEEP

    768:BUKefArwUzvl3TVkYOJltjkrq4GRupV/eBQlmQE8eNO9z7lNmGc2+ySs:RJwUzhTVkYIltjkfh/ek7dlNmG7+ySs

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\qux\func\shop.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vrpp5vqw.i0v.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • memory/1980-9-0x000001AF2ABB0000-0x000001AF2ABD2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1980-10-0x00007FFCE0B70000-0x00007FFCE1631000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1980-11-0x000001AF11D50000-0x000001AF11D60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1980-12-0x000001AF11D50000-0x000001AF11D60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1980-14-0x00007FFCE0B70000-0x00007FFCE1631000-memory.dmp

    Filesize

    10.8MB

    Download