Overview

overview

1

Static

static

1

b4b0d35f5a...b5.ps1

windows7-x64

1

b4b0d35f5a...b5.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05-03-2024 12:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b4b0d35f5a38730395f28cacf450bab5.ps1

  • Size

    85KB

  • MD5

    b4b0d35f5a38730395f28cacf450bab5

  • SHA1

    b1e1d48e53fa4aae1528b07adef64c6a7847f1b8

  • SHA256

    ba1bd47751931247b9b2acb6ca8c3aca47440f334494c86ded94e95f6bd4777a

  • SHA512

    234a9925a9c720695c43cbb67d64a8572faf6b45d8d31d55638dac5d1d84c416b63d482b2a9f843b98e08187d5ba30b3676ff1c4e89b80acd93c95c758fa1615

  • SSDEEP

    1536:sCY6eB2CCtq/PljJosk1jaPQL2uWwpOSmrn6CWZ0NWghELst:N3eB9C0H5JO5aPWqSmrn6Ac8E6

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\b4b0d35f5a38730395f28cacf450bab5.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2968-4-0x000000001B260000-0x000000001B542000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2968-5-0x0000000002420000-0x0000000002428000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2968-6-0x000007FEF5890000-0x000007FEF622D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2968-9-0x000007FEF5890000-0x000007FEF622D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2968-8-0x0000000002964000-0x0000000002967000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2968-7-0x0000000002960000-0x00000000029E0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2968-10-0x0000000002960000-0x00000000029E0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2968-11-0x000000000296B000-0x00000000029D2000-memory.dmp

    Filesize

    412KB

    Download