Overview

overview

1

Static

static

1

app/admin/...min.js

windows7-x64

1

app/admin/...min.js

windows10-2004-x64

1

app/admin/...ate.js

windows7-x64

1

app/admin/...ate.js

windows10-2004-x64

1

app/admin/...on.ps1

windows7-x64

1

app/admin/...on.ps1

windows10-2004-x64

1

app/admin/...rl.ps1

windows7-x64

1

app/admin/...rl.ps1

windows10-2004-x64

1

app/admin/...ink.js

windows7-x64

1

app/admin/...ink.js

windows10-2004-x64

1

app/admin/...les.js

windows7-x64

1

app/admin/...les.js

windows10-2004-x64

1

app/admin/...gd.ps1

windows7-x64

1

app/admin/...gd.ps1

windows10-2004-x64

1

app/admin/...tml.js

windows7-x64

1

app/admin/...tml.js

windows10-2004-x64

1

app/admin/...ex.ps1

windows7-x64

1

app/admin/...ex.ps1

windows10-2004-x64

1

app/admin/...ang.js

windows7-x64

1

app/admin/...ang.js

windows10-2004-x64

1

app/admin/...nk.ps1

windows7-x64

1

app/admin/...nk.ps1

windows10-2004-x64

1

app/admin/...st.ps1

windows7-x64

1

app/admin/...st.ps1

windows10-2004-x64

1

app/admin/...pen.js

windows7-x64

1

app/admin/...pen.js

windows10-2004-x64

1

app/admin/...er.ps1

windows7-x64

1

app/admin/...er.ps1

windows10-2004-x64

1

app/admin/...pok.js

windows7-x64

1

app/admin/...pok.js

windows10-2004-x64

1

app/admin/...ql.ps1

windows7-x64

1

app/admin/...ql.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    08/01/2024, 04:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    app/admin/control/link.ps1

  • Size

    5KB

  • MD5

    a4a757cacd9723c8c1d643bca5fcd431

  • SHA1

    b03678b629182c557f21d0181156428a79f343c9

  • SHA256

    59ede10f654e450270ae94ae34f955a73a267e3ef1264a4a27f4fdeba5fc780d

  • SHA512

    326f051d3f1128c6029793a418fa5147af35984145cdcd73693d7fc05e6e8de971443afa0967bb6df1943fc15165078014d88b8e23267b46b2b51c61ba6b187f

  • SSDEEP

    96:F+eygNdTw5vEEuQqhGmiI/bUuQ2cMSe8HCuQxIuQL+gupZDnDt+gupZDnTd9q0yA:FtftWGbt3d8HvWNrbmrb59q0yvI

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\app\admin\control\link.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1732-4-0x000000001B540000-0x000000001B822000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1732-5-0x0000000002970000-0x0000000002978000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1732-6-0x000007FEF5310000-0x000007FEF5CAD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1732-7-0x00000000029D0000-0x0000000002A50000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1732-8-0x000007FEF5310000-0x000007FEF5CAD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1732-10-0x00000000029D0000-0x0000000002A50000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1732-9-0x00000000029D0000-0x0000000002A50000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1732-11-0x00000000029D0000-0x0000000002A50000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1732-12-0x000007FEF5310000-0x000007FEF5CAD000-memory.dmp

    Filesize

    9.6MB

    Download