Overview

overview

1

Static

static

1

script.ps1

windows7-x64

1

script.ps1

android-9-x86

script.ps1

android-10-x64

script.ps1

android-11-x64

script.ps1

macos-10.15-amd64

Resubmissions

06-01-2024 13:10

240106-qeskesacc4 1

05-01-2024 19:56

240105-yn4m2sagg9 1

05-01-2024 19:56

240105-ynv1xaagg3 1

05-01-2024 19:55

240105-ynjmwaagf6 1

05-01-2024 19:55

240105-ynb8ssheep 1

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    06-01-2024 13:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    script.ps1

  • Size

    86B

  • MD5

    d423996be190469a60772fe58460e3a9

  • SHA1

    c67064bccb07868f3248d6163b8ce1bfedeb0632

  • SHA256

    30d6f51d941654a8cf97f7abd8d0bba48ff060f807da7f8b6c50a98d1b72ee8f

  • SHA512

    fe763c46ee7b2ee1a574683545da8a0906926ec158dbf9025410a78f6ef75d4c8f5f345f6d943535a3937e59016b97e32b85140ce7e363621ad1f385d0c87d2c

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\script.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2520-4-0x000000001B6E0000-0x000000001B9C2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2520-6-0x000007FEF53D0000-0x000007FEF5D6D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2520-9-0x00000000029C0000-0x0000000002A40000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2520-11-0x00000000029C0000-0x0000000002A40000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2520-12-0x00000000029C0000-0x0000000002A40000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2520-13-0x000007FEF53D0000-0x000007FEF5D6D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2520-10-0x00000000029C0000-0x0000000002A40000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2520-8-0x000007FEF53D0000-0x000007FEF5D6D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2520-7-0x00000000029C0000-0x0000000002A40000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2520-5-0x00000000023C0000-0x00000000023C8000-memory.dmp

    Filesize

    32KB

    Download