Overview

overview

10

Static

static

10

f718a6a1dd...fb.ps1

windows7-x64

7

f718a6a1dd...fb.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28/12/2023, 20:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f718a6a1dd3577d5cd358aecc57f6efb.ps1

  • Size

    1KB

  • MD5

    f718a6a1dd3577d5cd358aecc57f6efb

  • SHA1

    2886252e80e2a1f2854599749292b5681fa248c7

  • SHA256

    37fddb14cc597aa92c4fc46da3e30ce1305359c5313dbca053b22e7503579022

  • SHA512

    efe95419f4ca285198b34372ed7617061cc099bc7771939f5d986e28db2c7014cbf4d3c4afde72ac500cdb87c91df685811faa1fe8e17edd668a32347247878f

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\f718a6a1dd3577d5cd358aecc57f6efb.ps1
    1⤵
    • Deletes itself
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2628
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /c c:\Users\arrow\AppData\Local\Temp\444.exe
      2⤵
        PID:1192

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2628-4-0x000000001B320000-0x000000001B602000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/2628-5-0x0000000002390000-0x0000000002398000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2628-6-0x000007FEF5830000-0x000007FEF61CD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2628-7-0x0000000002700000-0x0000000002780000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2628-8-0x0000000002700000-0x0000000002780000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2628-9-0x0000000002700000-0x0000000002780000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2628-10-0x000007FEF5830000-0x000007FEF61CD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2628-11-0x0000000002700000-0x0000000002780000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2628-12-0x000007FEF5830000-0x000007FEF61CD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2628-14-0x0000000002700000-0x0000000002780000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2628-15-0x0000000002700000-0x0000000002780000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2628-16-0x0000000002700000-0x0000000002780000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2628-17-0x000007FEF5830000-0x000007FEF61CD000-memory.dmp

      Filesize

      9.6MB

      Download