Overview

overview

1

Static

static

1

0a8b972797...16.ps1

windows7-x64

1

0a8b972797...16.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 01:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0a8b9727970edb024f474b9f7ba31c16.ps1

  • Size

    73KB

  • MD5

    0a8b9727970edb024f474b9f7ba31c16

  • SHA1

    ff0406178ea0d0b6f9c847319d9bf024306e9004

  • SHA256

    f57b32fd27fd88a6bba7824e61cf4e43b050a352aa5be8fb3de4b00a38a96228

  • SHA512

    cc7d412bb066cb220443ca43f5170ed0f5586d8fdb0527fd815cd354a85e9ef85faf44fac5881bb48782d0c75ab155d83df225204d97da633cab89d373e6c1c3

  • SSDEEP

    1536:CasqFimkpggT+4bTLp9x7fw+8R7noVcq2LDsa6qqgI0kewV:yEPgT+4b/t7f78hncxa6qx1kh

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\0a8b9727970edb024f474b9f7ba31c16.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2068-4-0x000000001B320000-0x000000001B602000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2068-6-0x000007FEF55F0000-0x000007FEF5F8D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2068-7-0x00000000029D0000-0x0000000002A50000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2068-5-0x0000000002510000-0x0000000002518000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2068-8-0x000007FEF55F0000-0x000007FEF5F8D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2068-10-0x00000000029D0000-0x0000000002A50000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2068-9-0x00000000029D0000-0x0000000002A50000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2068-11-0x00000000029D0000-0x0000000002A50000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2068-12-0x00000000029D0000-0x0000000002A50000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2068-13-0x000007FEF55F0000-0x000007FEF5F8D000-memory.dmp

    Filesize

    9.6MB

    Download