Overview

overview

7

Static

static

1

86164f8801...380.gz

windows7-x64

3

86164f8801...380.gz

windows10-2004-x64

7

.new/ascri...ce.vbs

windows7-x64

1

.new/ascri...ce.vbs

windows10-2004-x64

1

.new/ascri...er.vbs

windows7-x64

1

.new/ascri...er.vbs

windows10-2004-x64

1

.new/ascri..._N.ps1

windows7-x64

1

.new/ascri..._N.ps1

windows10-2004-x64

1

.new/ascri..._n.ps1

windows7-x64

1

.new/ascri..._n.ps1

windows10-2004-x64

1

.new/ascri..._s.vbs

windows7-x64

1

.new/ascri..._s.vbs

windows10-2004-x64

1

.new/ascri..._X.vbs

windows7-x64

1

.new/ascri..._X.vbs

windows10-2004-x64

1

.new/ascri..._m.ps1

windows7-x64

1

.new/ascri..._m.ps1

windows10-2004-x64

1

.new/ascri..._o.vbs

windows7-x64

1

.new/ascri..._o.vbs

windows10-2004-x64

1

.new/ascri..._l.vbs

windows7-x64

1

.new/ascri..._l.vbs

windows10-2004-x64

1

.new/ascri..._v.vbs

windows7-x64

1

.new/ascri..._v.vbs

windows10-2004-x64

1

.new/ascri..._q.vbs

windows7-x64

1

.new/ascri..._q.vbs

windows10-2004-x64

1

.new/auto

ubuntu-18.04-amd64

6

.new/auto

debian-9-armhf

1

.new/auto

debian-9-mips

1

.new/auto

debian-9-mipsel

1

.new/doc/TRICKS.vbs

windows7-x64

1

.new/doc/TRICKS.vbs

windows10-2004-x64

1

.new/doc/h...t.html

windows7-x64

1

.new/doc/h...t.html

windows10-2004-x64

1

Analysis

  • max time kernel
    144s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-12-2023 10:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .new/ascript/a&a_12_a_global_n.ps1

  • Size

    4KB

  • MD5

    6715e504612dd82b3f53127a562def56

  • SHA1

    9c585d7d242165fa22d302ad64395348bec3df8b

  • SHA256

    8ca3fec9bc8c882d577f5cd2db0bbd32917d327728f3d147a97b1ae14c08f6e4

  • SHA512

    9be1b502225cbf9e952b253eb3c20cbed21c7d2a8e69f3704ae2d92213bceb0a262f7db9f107d15072b377ab1b3cba1a77635ecfde02457cefd8a3763d067005

  • SSDEEP

    48:UBfcwAn7xVJvCSsnfMXvfE1qHEnYHMy+fHJyV3gckVDdEpx4lKmA5qR4p:UVuTJrVXE1aEYHMfpokVDwhcRQ

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\.new\ascript\a&a_12_a_global_n.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_uf2abgjd.jll.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • memory/3132-9-0x0000012D75200000-0x0000012D75222000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3132-10-0x00007FFF43550000-0x00007FFF44011000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3132-11-0x0000012D73010000-0x0000012D73020000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3132-12-0x0000012D73010000-0x0000012D73020000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3132-13-0x0000012D73010000-0x0000012D73020000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3132-16-0x00007FFF43550000-0x00007FFF44011000-memory.dmp

    Filesize

    10.8MB

    Download