633043a66408f98f969625a57e6a31259f0a8a5af1972a2e5ac03a1a404395a1

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 11:24

Target

536277686aacdbed6678b4d3e153b9bc.ps1
Size

166KB
MD5

536277686aacdbed6678b4d3e153b9bc
SHA1

c41d5a747f4da23c580dfec6badd42c0c35c139a
SHA256

633043a66408f98f969625a57e6a31259f0a8a5af1972a2e5ac03a1a404395a1
SHA512

f126bef402dda55b3dd0f69a6e480112e7078cdbbb6351a59061cbad639d689a6146ebe99bbb7b7c4b270cd709ad8978b3bf105b93c6214412bcf54212305283
SSDEEP

3072:KL1Jy6v+0CZgkNWgXTviGbkYdMH4RDJQhBCyWe4ur37w:KL1Jy6v+0LkNVXTviGbkYdMH4RDJQhBw

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2500	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2500	powershell.exe

memory/2500-4-0x000000001B300000-0x000000001B5E2000-memory.dmp

Filesize
2.9MB

Download
memory/2500-6-0x0000000002310000-0x0000000002318000-memory.dmp

Filesize
32KB

Download
memory/2500-5-0x000007FEF5BF0000-0x000007FEF658D000-memory.dmp

Filesize
9.6MB

Download
memory/2500-7-0x00000000028C0000-0x0000000002940000-memory.dmp

Filesize
512KB

Download
memory/2500-8-0x000007FEF5BF0000-0x000007FEF658D000-memory.dmp

Filesize
9.6MB

Download
memory/2500-9-0x00000000028C0000-0x0000000002940000-memory.dmp

Filesize
512KB

Download
memory/2500-10-0x00000000028C0000-0x0000000002940000-memory.dmp

Filesize
512KB

Download
memory/2500-11-0x00000000028C0000-0x0000000002940000-memory.dmp

Filesize
512KB

Download
memory/2500-12-0x000007FEF5BF0000-0x000007FEF658D000-memory.dmp

Filesize
9.6MB

Download