37cdb8d6a19c396cebbe44953363fcf9c7f7c27b1d27734edb81491dfb8c3069

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 16:54

Target

f91a93aba78c83e1e03a3ce5e2dc72c6.ps1
Size

656KB
MD5

f91a93aba78c83e1e03a3ce5e2dc72c6
SHA1

e0c790cc02a7af6ec022f81d1e6a2000e39fe0bc
SHA256

37cdb8d6a19c396cebbe44953363fcf9c7f7c27b1d27734edb81491dfb8c3069
SHA512

4235ad761835c2610c1e4314d7367f11970b546fcea106be81eaf698b0017c5269aa3264c46126e9d9269d4e9b034f21923b3ac1fd76302494a8f2dffd2d3815
SSDEEP

12288:EZjw0RJ9u5ILYDxD3fxYehza/tw64S8TVkc5A+:g3yTmr+

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1680	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1680	powershell.exe

memory/1680-4-0x000000001B740000-0x000000001BA22000-memory.dmp

Filesize
2.9MB

Download
memory/1680-6-0x000007FEF5B90000-0x000007FEF652D000-memory.dmp

Filesize
9.6MB

Download
memory/1680-5-0x0000000001E80000-0x0000000001E88000-memory.dmp

Filesize
32KB

Download
memory/1680-7-0x0000000002CC0000-0x0000000002D40000-memory.dmp

Filesize
512KB

Download
memory/1680-9-0x0000000002CC0000-0x0000000002D40000-memory.dmp

Filesize
512KB

Download
memory/1680-8-0x000007FEF5B90000-0x000007FEF652D000-memory.dmp

Filesize
9.6MB

Download
memory/1680-10-0x0000000002CC0000-0x0000000002D40000-memory.dmp

Filesize
512KB

Download
memory/1680-11-0x0000000002CC0000-0x0000000002D40000-memory.dmp

Filesize
512KB

Download
memory/1680-12-0x000007FEF5B90000-0x000007FEF652D000-memory.dmp

Filesize
9.6MB

Download