34b74e2b9ae6e258a15d60733c0347b2d5c9fa16fad69f06ea7f6c3babb051b4

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
14-03-2024 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

decoded-1.ps1
Size

2.0MB
MD5

3bf5594c0b70faace5320779b80e3ad3
SHA1

b856c2216614ea6702c92d58473148ccc61cfbf7
SHA256

34b74e2b9ae6e258a15d60733c0347b2d5c9fa16fad69f06ea7f6c3babb051b4
SHA512

39a8de54bf910acde07d1e7db8749cc56fadedf75c9a1d59fdcab62a4c6be43fffa55e152701701fbeb56a4a169b9b16593f20dfd4331ee79aa090963a774cb9
SSDEEP

24576:F2vCeT9iGxjLDosSjD3+5H8kl2JYmhO+qKBoYKnVjQ835NyQsZI/3/prLTM6UXXa:Fpa7HDIdJhonVjiG/3/aq

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2908	powershell.exe
2908	powershell.exe
2908	powershell.exe
608	svchost.exe
608	svchost.exe
608	svchost.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2908	powershell.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
608	svchost.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 608	2908	powershell.exe	9
PID 608 wrote to memory of 2156	608	svchost.exe	30
PID 608 wrote to memory of 2156	608	svchost.exe	30
PID 608 wrote to memory of 2156	608	svchost.exe	30

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:608
- C:\Windows\system32\wbem\wmiprvse.exe
  C:\Windows\system32\wbem\wmiprvse.exe -Embedding
  2⤵
  PID:2156

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\decoded-1.ps1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/608-66-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/608-69-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/608-33-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/608-34-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/608-80-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/608-36-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/608-70-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/608-78-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/608-72-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/608-43-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/608-20-0x00000000004B0000-0x00000000004D1000-memory.dmp

Filesize
132KB

Download
memory/608-21-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/608-27-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/608-28-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/608-29-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/608-32-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/608-54-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/608-51-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/608-44-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/608-37-0x0000000180000000-0x0000000180051000-memory.dmp

Filesize
324KB

Download
memory/2908-15-0x000000001BCD0000-0x000000001BD41000-memory.dmp

Filesize
452KB

Download
memory/2908-9-0x0000000002920000-0x00000000029A0000-memory.dmp

Filesize
512KB

Download
memory/2908-6-0x000007FEF53A0000-0x000007FEF5D3D000-memory.dmp

Filesize
9.6MB

Download
memory/2908-85-0x0000000002920000-0x00000000029A0000-memory.dmp

Filesize
512KB

Download
memory/2908-4-0x000000001B6E0000-0x000000001B9C2000-memory.dmp

Filesize
2.9MB

Download
memory/2908-5-0x0000000001D70000-0x0000000001D78000-memory.dmp

Filesize
32KB

Download
memory/2908-12-0x0000000180000000-0x0000000180021000-memory.dmp

Filesize
132KB

Download
memory/2908-11-0x0000000002920000-0x00000000029A0000-memory.dmp

Filesize
512KB

Download
memory/2908-10-0x0000000002920000-0x00000000029A0000-memory.dmp

Filesize
512KB

Download
memory/2908-8-0x000007FEF53A0000-0x000007FEF5D3D000-memory.dmp

Filesize
9.6MB

Download
memory/2908-82-0x000007FEF53A0000-0x000007FEF5D3D000-memory.dmp

Filesize
9.6MB

Download
memory/2908-83-0x0000000002920000-0x00000000029A0000-memory.dmp

Filesize
512KB

Download
memory/2908-84-0x0000000002920000-0x00000000029A0000-memory.dmp

Filesize
512KB

Download
memory/2908-7-0x0000000002920000-0x00000000029A0000-memory.dmp

Filesize
512KB

Download
memory/2908-86-0x0000000002920000-0x00000000029A0000-memory.dmp

Filesize
512KB

Download