Analysis
-
max time kernel
12s -
max time network
15s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system -
submitted
25-01-2024 15:40
Static task
static1
Behavioral task
behavioral1
Sample
Test.ps1
Resource
win7-20231215-en
General
-
Target
Test.ps1
-
Size
7KB
-
MD5
0697c8683a20964776ef075edea23142
-
SHA1
298d3d9023e413e448b60359df5ae8fe5445ed81
-
SHA256
762602881fc7201c9bdb206d63b79433ef7fbe104611bbb8526cd34367aabe34
-
SHA512
253d1d5afa1f3ac8d98a04d9876778300cc70f84b7e80864c6f6ed4ff7cb6b4e2fd165810aa1c3040dcac05e1c040c81d6e864ad2c32383eebc88f393f142afc
-
SSDEEP
192:s/cgYz8h/FIHrDl81PWCR8UvjmlR0mx6M5WHP1qfe:s/rDNIN81fmJxKP1qfe
Malware Config
Signatures
-
Blocklisted process makes network request (1 IoCs)
Processes: powershell.exe
flow  pid   process
4     4404  powershell.exe
-
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: powershell.exe
pid   process
4404  powershell.exe
4404  powershell.exe
-
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: powershell.exe
description              pid   process
Token: SeDebugPrivilege  4404  powershell.exe
Downloads
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_14axbc1l.ahr.ps1
Filesize
60B
MD5
d17fe0a3f47be24a6453e9ef58c94641
SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
memory/4404-0-0x000002473CE00000-0x000002473CE22000-memory.dmp
Filesize
136KB
-
memory/4404-10-0x00007FFD831E0000-0x00007FFD83CA1000-memory.dmp
Filesize
10.8MB
-
memory/4404-11-0x000002473CDF0000-0x000002473CE00000-memory.dmp
Filesize
64KB
-
memory/4404-12-0x000002473CDF0000-0x000002473CE00000-memory.dmp
Filesize
64KB
-
memory/4404-13-0x000002473CE40000-0x000002473CE48000-memory.dmp
Filesize
32KB