Overview

overview

7

Static

static

3

Astolfo-Be...4e.ps1

windows7-x64

1

Astolfo-Be...4e.ps1

windows10-2004-x64

1

Astolfo-Beta/libs.jar

windows7-x64

1

Astolfo-Beta/libs.jar

windows10-2004-x64

7

Astolfo-Be...22.jar

windows7-x64

1

Astolfo-Be...22.jar

windows10-2004-x64

7

Astolfo-Be...nk.dll

windows7-x64

1

Astolfo-Be...nk.dll

windows10-2004-x64

1

Astolfo-Be...32.dll

windows7-x64

1

Astolfo-Be...32.dll

windows10-2004-x64

1

Astolfo-Be...64.dll

windows7-x64

1

Astolfo-Be...64.dll

windows10-2004-x64

1

Astolfo-Be...64.dll

windows7-x64

1

Astolfo-Be...64.dll

windows10-2004-x64

1

Astolfo-Be...x8.dll

windows7-x64

1

Astolfo-Be...x8.dll

windows10-2004-x64

1

Astolfo-Be...64.dll

windows7-x64

1

Astolfo-Be...64.dll

windows10-2004-x64

1

Astolfo-Be...aw.dll

windows7-x64

1

Astolfo-Be...aw.dll

windows10-2004-x64

1

Astolfo-Be...64.dll

windows7-x64

1

Astolfo-Be...64.dll

windows10-2004-x64

1

Astolfo-Be...ab.dll

windows7-x64

1

Astolfo-Be...ab.dll

windows10-2004-x64

1

Astolfo-Be...ch.dll

windows7-x64

1

Astolfo-Be...ch.dll

windows10-2004-x64

1

Astolfo-Be....4.dll

windows7-x64

1

Astolfo-Be....4.dll

windows10-2004-x64

1

Astolfo-Be...32.dll

windows7-x64

1

Astolfo-Be...32.dll

windows10-2004-x64

1

Astolfo-Be...tv.dll

windows7-x64

3

Astolfo-Be...tv.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    143s
  • max time network
    200s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24/02/2024, 17:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Astolfo-Beta/assets/objects/c3/c3cd0db760c980287b26ef9c0894f66c4250724e.ps1

  • Size

    10KB

  • MD5

    78d3efc4abc7fda450d650b86e757992

  • SHA1

    c3cd0db760c980287b26ef9c0894f66c4250724e

  • SHA256

    fa7acce9893cd8ae274bf57453d782d825915e31999a21f0c38713116a100b45

  • SHA512

    2e835e0e7db5186c7405c4217c7979d444771b58bf263e652485def959e341c1343be1a353686d965a90d504150e5407a50f891fb2883f94a5865a2851e7ae93

  • SSDEEP

    192:gXDJomrimXOct5g6ksDLFtpfFSSu9z3LnjnM3SoOoKATzk2t74tfyQV:uimzp26F1ty/9LnjnVBAB7cH

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Astolfo-Beta\assets\objects\c3\c3cd0db760c980287b26ef9c0894f66c4250724e.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:908
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=3548 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
    1⤵
      PID:1176
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=3364 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
      1⤵
        PID:2464
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=4100 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
        1⤵
          PID:1640
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3836 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:8
          1⤵
            PID:1120
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=2120 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
            1⤵
              PID:2372
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=2340 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
              1⤵
                PID:2360
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4500 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                1⤵
                  PID:1032
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4516 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                  1⤵
                    PID:1948
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=4680 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                    1⤵
                      PID:1648
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4844 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                      1⤵
                        PID:2760
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4852 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                        1⤵
                          PID:3028
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=4936 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                          1⤵
                            PID:1468
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5088 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                            1⤵
                              PID:880
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=5716 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                              1⤵
                                PID:2004
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=5688 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                1⤵
                                  PID:2196
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=6092 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                  1⤵
                                    PID:3284
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=5692 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                    1⤵
                                      PID:3300
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=6032 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                      1⤵
                                        PID:3292
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=5892 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                        1⤵
                                          PID:3316
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=5868 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                          1⤵
                                            PID:3308
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=5852 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                            1⤵
                                              PID:3332
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=6072 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                              1⤵
                                                PID:3340
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=6300 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                                1⤵
                                                  PID:3748
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=1368 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                                  1⤵
                                                    PID:3868
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=3892 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                                    1⤵
                                                      PID:3876
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=6684 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                                      1⤵
                                                        PID:3884
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --mojo-platform-channel-handle=6744 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                                        1⤵
                                                          PID:3904
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --mojo-platform-channel-handle=1052 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                                          1⤵
                                                            PID:3896
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --mojo-platform-channel-handle=6692 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                                            1⤵
                                                              PID:3920
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --mojo-platform-channel-handle=6528 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                                              1⤵
                                                                PID:3928
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --mojo-platform-channel-handle=5976 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                                                1⤵
                                                                  PID:3936
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --mojo-platform-channel-handle=3916 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                                                  1⤵
                                                                    PID:3944
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --mojo-platform-channel-handle=7376 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                                                    1⤵
                                                                      PID:4044
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --mojo-platform-channel-handle=7312 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                                                      1⤵
                                                                        PID:4076
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --mojo-platform-channel-handle=7384 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                                                        1⤵
                                                                          PID:4088
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --mojo-platform-channel-handle=6984 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                                                          1⤵
                                                                            PID:2080
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --mojo-platform-channel-handle=7188 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                                                            1⤵
                                                                              PID:3124
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --mojo-platform-channel-handle=7676 --field-trial-handle=1320,i,3334177572883932064,18287385929399583214,131072 /prefetch:1
                                                                              1⤵
                                                                                PID:3088
                                                                              • C:\Windows\explorer.exe
                                                                                "C:\Windows\explorer.exe"
                                                                                1⤵
                                                                                  PID:2652

                                                                                Network

                                                                                MITRE ATT&CK Matrix

                                                                                Replay Monitor

                                                                                Loading Replay Monitor...

                                                                                Downloads

                                                                                • memory/908-4-0x000000001B220000-0x000000001B502000-memory.dmp

                                                                                  Filesize

                                                                                  2.9MB

                                                                                  Download

                                                                                • memory/908-5-0x0000000002580000-0x0000000002588000-memory.dmp

                                                                                  Filesize

                                                                                  32KB

                                                                                  Download

                                                                                • memory/908-6-0x000007FEF3080000-0x000007FEF3A1D000-memory.dmp

                                                                                  Filesize

                                                                                  9.6MB

                                                                                  Download

                                                                                • memory/908-7-0x0000000002340000-0x00000000023C0000-memory.dmp

                                                                                  Filesize

                                                                                  512KB

                                                                                  Download

                                                                                • memory/908-8-0x000007FEF3080000-0x000007FEF3A1D000-memory.dmp

                                                                                  Filesize

                                                                                  9.6MB

                                                                                  Download

                                                                                • memory/908-9-0x0000000002340000-0x00000000023C0000-memory.dmp

                                                                                  Filesize

                                                                                  512KB

                                                                                  Download

                                                                                • memory/908-10-0x0000000002340000-0x00000000023C0000-memory.dmp

                                                                                  Filesize

                                                                                  512KB

                                                                                  Download

                                                                                • memory/908-11-0x000007FEF3080000-0x000007FEF3A1D000-memory.dmp

                                                                                  Filesize

                                                                                  9.6MB

                                                                                  Download