Overview

overview

1

Static

static

1

Excel/xl/l...st.ps1

windows7-x64

1

Excel/xl/l...st.ps1

windows10-2004-x64

1

Excel/xl/l...st.ps1

windows7-x64

1

Excel/xl/l...st.ps1

windows10-2004-x64

1

Excel/xl/l...O.xlsx

windows7-x64

1

Excel/xl/l...O.xlsx

windows10-2004-x64

1

Excel/xl/l...J.xlsx

windows7-x64

1

Excel/xl/l...J.xlsx

windows10-2004-x64

1

Excel/xl/l...ck.ps1

windows7-x64

1

Excel/xl/l...ck.ps1

windows10-2004-x64

1

Excel/xl/l.../ga.js

windows7-x64

1

Excel/xl/l.../ga.js

windows10-2004-x64

1

Excel/xl/l...ery.js

windows7-x64

1

Excel/xl/l...ery.js

windows10-2004-x64

1

Excel/xl/l...pup.js

windows7-x64

1

Excel/xl/l...pup.js

windows10-2004-x64

1

Excel/xl/l...ins.js

windows7-x64

1

Excel/xl/l...ins.js

windows10-2004-x64

1

Excel/xl/l...e.html

windows7-x64

1

Excel/xl/l...e.html

windows10-2004-x64

1

Excel/xl/l...age.js

windows7-x64

1

Excel/xl/l...age.js

windows10-2004-x64

1

Excel/xl/l...ck.ps1

windows7-x64

1

Excel/xl/l...ck.ps1

windows10-2004-x64

1

Excel/xl/l...x.html

windows7-x64

1

Excel/xl/l...x.html

windows10-2004-x64

1

Analysis

  • max time kernel
    96s
  • max time network
    38s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 04:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Excel/xl/link/Excel/BlackList.ps1

  • Size

    1KB

  • MD5

    d7a8ec808175f697f74fff16c97e2b11

  • SHA1

    102742cdeecb33034b74b24851c80570dbc2aa29

  • SHA256

    ac36b1a1ca21690705c69784f249175dee7355ee535d35913e8e46b6794454af

  • SHA512

    205cd939ef9aae19c60e5378b7b50ee84d78a23e22b6450e7b4b604f182c276571568a651223267d8ec442e5e4b29ae984572b83f6fdd89956a021d29ee1ca7e

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Excel\xl\link\Excel\BlackList.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1320-4-0x000000001B490000-0x000000001B772000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1320-5-0x000007FEF5BD0000-0x000007FEF656D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1320-6-0x0000000002270000-0x0000000002278000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1320-7-0x0000000002890000-0x0000000002910000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1320-8-0x0000000002890000-0x0000000002910000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1320-9-0x0000000002890000-0x0000000002910000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1320-10-0x000007FEF5BD0000-0x000007FEF656D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1320-11-0x0000000002890000-0x0000000002910000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1320-13-0x0000000002890000-0x0000000002910000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1320-12-0x000007FEF5BD0000-0x000007FEF656D000-memory.dmp

    Filesize

    9.6MB

    Download