Overview

overview

8

Static

static

1

bshdbfhsbdf.ps1

windows7-x64

1

bshdbfhsbdf.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    1558s
  • max time network
    1559s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    18/01/2024, 16:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bshdbfhsbdf.ps1

  • Size

    10.7MB

  • MD5

    d2e94853c5b4c54f6a8f7c172315f7e8

  • SHA1

    92603972db4d1be6b30bd0e5122a1be6e23df726

  • SHA256

    a3973bd0bad3dc5e078ed58ad11948a1e31fc45aeaf2d3904d1cfbb5ebaedb37

  • SHA512

    d503f25abf52fa94d0a98bf0c43ffcf951fcbcf4fc35542530f600e863fd52da5a92f42ba4de19f9bf2f0ee996f51e0690e8b49853e329aa5931cafe1c76258b

  • SSDEEP

    12288:Bbs8/d+6iwu77Ply9QxRmKoESXTE/lyKmyEWfHUNiUoheOo:/

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\bshdbfhsbdf.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ex bypass -NoLogo -NonInteractive -NoProfile -w h -f "C:\Users\Admin\AppData\Local\Temp\bshdbfhsbdf.ps1" -usradm 1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5FPL1KZY06G93YYBQ598.temp
    Filesize

    7KB

    MD5

    09fb2010b8db09bf12f0019ef1144fc8

    SHA1

    c45926d6dc5bfd5486435b50a41aa60bbbe62eb5

    SHA256

    15a80895f35892be4793f902f11dc17194e2dbc50064a7f3239787efa8bbfce4

    SHA512

    3d22d5bea18cf7c888187dadeee6c259d133c426b3448772876c4a01388f9b913f3057e5edd01766dddcf09f907a86dc65ceffb8177780b908dbb65888cbdadb

    Download Submit

  • memory/2216-4-0x000000001B760000-0x000000001BA42000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2216-6-0x000007FEF5BA0000-0x000007FEF653D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2216-7-0x0000000002DC0000-0x0000000002E40000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2216-9-0x0000000002DC0000-0x0000000002E40000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2216-10-0x000007FEF5BA0000-0x000007FEF653D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2216-8-0x0000000002DC0000-0x0000000002E40000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2216-11-0x0000000002DC0000-0x0000000002E40000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2216-5-0x0000000002790000-0x0000000002798000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2216-17-0x000007FEF5BA0000-0x000007FEF653D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2692-18-0x000007FEF5BA0000-0x000007FEF653D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2692-19-0x0000000002D54000-0x0000000002D57000-memory.dmp

    Filesize

    12KB

    Download