Overview

overview

10

Static

static

1

A u r о r a.exe

windows7-x64

7

A u r о r a.exe

windows10-2004-x64

10

$TEMP/Omissions.ps1

windows7-x64

1

$TEMP/Omissions.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12/03/2024, 21:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/Omissions.ps1

  • Size

    163KB

  • MD5

    ce6aab10736655fe51357ef763a81873

  • SHA1

    00cc63e8c40ccde40537e7c80c565660ff681530

  • SHA256

    dd2b0347be3f0535db49269d8ae57af1024235aed4d9d258499fd0404d3c1f08

  • SHA512

    7938c7b8cbae3c1b6a0c8b7dc8005b1d7385177ba018685372b5919f2c86184d7ceb6e0cf5ed8d28fef16f4bf9bdf9015dd9767842822c085a9502783b6bd73f

  • SSDEEP

    1536:iuEDz3qOqC1/i8aLglZWI3e79rcpFex9enOtM6HgSrpghxihKz0nYGjRjyfp/p6s:C6cwFD5WYudjmQ

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\$TEMP\Omissions.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2160-4-0x000000001B2B0000-0x000000001B592000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2160-5-0x0000000001DD0000-0x0000000001DD8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2160-6-0x000007FEF6260000-0x000007FEF6BFD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2160-7-0x0000000002670000-0x00000000026F0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2160-8-0x000007FEF6260000-0x000007FEF6BFD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2160-9-0x0000000002670000-0x00000000026F0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2160-10-0x0000000002670000-0x00000000026F0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2160-11-0x0000000002670000-0x00000000026F0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2160-12-0x0000000002670000-0x00000000026F0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2160-13-0x000007FEF6260000-0x000007FEF6BFD000-memory.dmp

    Filesize

    9.6MB

    Download