Overview

overview

10

Static

static

1

5e70c004a1...7f.ps1

windows7-x64

1

5e70c004a1...7f.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    16-01-2024 00:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5e70c004a15f9c9dd298b95046feee7f.ps1

  • Size

    485KB

  • MD5

    5e70c004a15f9c9dd298b95046feee7f

  • SHA1

    fc990eadc3d9e92d62c2fb933e40def2c96900dd

  • SHA256

    a216b930fa01417a53852559e8a01e7d61aafb04d85fffedc1e81b20822f162d

  • SHA512

    0eef2f58be50b8d09d9970d43953edbf98f44beaf645e0cacdf84210cf71b3a31546f9c2885a183fd8a9cce682f21c118bac53fb0435dc3a0aeff3fa2ed6c096

  • SSDEEP

    12288:+Zjw0RJ9u5ILYDxD3fxYehza/tw64sigu:q3Zu

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\5e70c004a15f9c9dd298b95046feee7f.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      #cmd
      2⤵
        PID:2012
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        #cmd
        2⤵
          PID:2536
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
          #cmd
          2⤵
            PID:1472
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
            #cmd
            2⤵
              PID:1732
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
              #cmd
              2⤵
                PID:1124

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1724-4-0x000000001B700000-0x000000001B9E2000-memory.dmp

              Filesize

              2.9MB

              Download

            • memory/1724-6-0x000007FEF5460000-0x000007FEF5DFD000-memory.dmp

              Filesize

              9.6MB

              Download

            • memory/1724-7-0x0000000002A30000-0x0000000002AB0000-memory.dmp

              Filesize

              512KB

              Download

            • memory/1724-5-0x0000000001E70000-0x0000000001E78000-memory.dmp

              Filesize

              32KB

              Download

            • memory/1724-8-0x000007FEF5460000-0x000007FEF5DFD000-memory.dmp

              Filesize

              9.6MB

              Download

            • memory/1724-9-0x0000000002A30000-0x0000000002AB0000-memory.dmp

              Filesize

              512KB

              Download

            • memory/1724-10-0x0000000002A30000-0x0000000002AB0000-memory.dmp

              Filesize

              512KB

              Download

            • memory/1724-11-0x0000000002A30000-0x0000000002AB0000-memory.dmp

              Filesize

              512KB

              Download

            • memory/1724-12-0x00000000029E0000-0x00000000029F2000-memory.dmp

              Filesize

              72KB

              Download

            • memory/1724-13-0x000007FEF5460000-0x000007FEF5DFD000-memory.dmp

              Filesize

              9.6MB

              Download