Overview

overview

10

Static

static

1

9244493369...90.ps1

windows7-x64

1

9244493369...90.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    05-02-2024 14:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    92444933697fb73b97c1cc1029fd5d90.ps1

  • Size

    656KB

  • MD5

    92444933697fb73b97c1cc1029fd5d90

  • SHA1

    a651e876aecda3bea0ff93161da116cc99d694f5

  • SHA256

    dd292da794d6c9afb8ea5e136c7b23ff61aa913ff2f451fa5c6b268c74714f60

  • SHA512

    18c71e38426b61cb1c2c6a3eab91e92c44a9e4e95a639da03657fd878435a3e3d20c9bf8c1fb590a31fd9908a9b9fbdb9e50a6c034390f29f3719b9768411d03

  • SSDEEP

    12288:EZjw0RJ9u5ILYDxD3fxYehza/tw64s8TVkc5A+:g3wTmr+

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\92444933697fb73b97c1cc1029fd5d90.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1948-4-0x000000001B830000-0x000000001BB12000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1948-6-0x0000000001D10000-0x0000000001D18000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1948-5-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1948-7-0x0000000002C90000-0x0000000002D10000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1948-8-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1948-9-0x0000000002C90000-0x0000000002D10000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1948-10-0x0000000002C90000-0x0000000002D10000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1948-11-0x0000000002C90000-0x0000000002D10000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1948-12-0x0000000002C90000-0x0000000002D10000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1948-13-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

    Filesize

    9.6MB

    Download