Overview

overview

7

Static

static

3

EcoVerde-L....3.exe

windows7-x64

7

EcoVerde-L....3.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

1

$PLUGINSDI...er.dll

windows10-2004-x64

1

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

locales/fi.ps1

windows7-x64

1

locales/fi.ps1

windows10-2004-x64

1

locales/fr.ps1

windows7-x64

1

locales/fr.ps1

windows10-2004-x64

1

locales/gu.ps1

windows7-x64

1

locales/gu.ps1

windows10-2004-x64

1

locales/th.ps1

windows7-x64

1

locales/th.ps1

windows10-2004-x64

1

locales/zh-TW.ps1

windows7-x64

1

locales/zh-TW.ps1

windows10-2004-x64

1

resources/...dex.js

windows7-x64

1

resources/...dex.js

windows10-2004-x64

1

resources/...all.js

windows7-x64

1

resources/...all.js

windows10-2004-x64

1

resources/...all.js

windows7-x64

1

resources/...all.js

windows10-2004-x64

1

resources/...ws.dll

windows7-x64

1

resources/...ws.dll

windows10-2004-x64

1

resources/...ws.exe

windows7-x64

1

resources/...ws.exe

windows10-2004-x64

1

resources/...all.js

windows7-x64

1

resources/...all.js

windows10-2004-x64

1

Analysis

  • max time kernel
    242s
  • max time network
    284s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/03/2024, 19:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    locales/th.ps1

  • Size

    1.0MB

  • MD5

    7512a162ea0b65dd9477ac8c190136b9

  • SHA1

    ae5fbce9516882a0d58da9ebee3c767c7ba4c305

  • SHA256

    d01ecd4edecf1809d5c2133366df2502a4621e88d894817e80b913f3a0926fa4

  • SHA512

    425fd803cd3ed9589df5d04bb8ca4b62af0e573301d31c48a1a05bf3b707a0672e1a033965946223e5873a98eb3c9d52bcdcc1296a08cb4971d0b1b6d2e95eb7

  • SSDEEP

    12288:7UTfeN9LyZYArTJz1L/L1XPhHsbhRy1cW+v1H5UJEyL3ftj8wlz9eTRo98GkK9u4:7UTNC5y5h

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\locales\th.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/552-4-0x000000001B300000-0x000000001B5E2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/552-5-0x0000000001FD0000-0x0000000001FD8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/552-6-0x000007FEF54E0000-0x000007FEF5E7D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/552-7-0x0000000002AA0000-0x0000000002B20000-memory.dmp

    Filesize

    512KB

    Download

  • memory/552-9-0x0000000002AA0000-0x0000000002B20000-memory.dmp

    Filesize

    512KB

    Download

  • memory/552-8-0x0000000002AA0000-0x0000000002B20000-memory.dmp

    Filesize

    512KB

    Download

  • memory/552-10-0x000007FEF54E0000-0x000007FEF5E7D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/552-11-0x0000000002AA0000-0x0000000002B20000-memory.dmp

    Filesize

    512KB

    Download

  • memory/552-12-0x0000000002AA0000-0x0000000002B20000-memory.dmp

    Filesize

    512KB

    Download

  • memory/552-13-0x000007FEF54E0000-0x000007FEF5E7D000-memory.dmp

    Filesize

    9.6MB

    Download