Overview

overview

1

Static

static

1

phpdev/inc...inc.js

windows7-x64

1

phpdev/inc...inc.js

windows10-2004-x64

1

phpdev/inc...ass.js

windows7-x64

1

phpdev/inc...ass.js

windows10-2004-x64

1

phpdev/inc...ss.ps1

windows7-x64

1

phpdev/inc...ss.ps1

windows10-2004-x64

1

phpdev/inc...ass.js

windows7-x64

1

phpdev/inc...ass.js

windows10-2004-x64

1

phpdev/inc...ass.js

windows7-x64

1

phpdev/inc...ass.js

windows10-2004-x64

1

phpdev/inc...ass.js

windows7-x64

1

phpdev/inc...ass.js

windows10-2004-x64

1

phpdev/inc...ass.js

windows7-x64

1

phpdev/inc...ass.js

windows10-2004-x64

1

phpdev/inc...inc.js

windows7-x64

1

phpdev/inc...inc.js

windows10-2004-x64

1

phpdev/inc...ss.ps1

windows7-x64

1

phpdev/inc...ss.ps1

windows10-2004-x64

1

phpdev/inc...-ui.js

windows7-x64

1

phpdev/inc...-ui.js

windows10-2004-x64

1

phpdev/inc...ree.js

windows7-x64

1

phpdev/inc...ree.js

windows10-2004-x64

1

phpdev/inc...ing.js

windows7-x64

1

phpdev/inc...ing.js

windows10-2004-x64

1

phpdev/inc...box.js

windows7-x64

1

phpdev/inc...box.js

windows10-2004-x64

1

phpdev/inc...ery.js

windows7-x64

1

phpdev/inc...ery.js

windows10-2004-x64

1

phpdev/inc...nc.ps1

windows7-x64

1

phpdev/inc...nc.ps1

windows10-2004-x64

1

phpdev/inc...nc.ps1

windows7-x64

1

phpdev/inc...nc.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15-03-2024 23:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    phpdev/includes/legacy/PhpThumb.inc.ps1

  • Size

    6KB

  • MD5

    4290c9f318393fe5efce5853a2bccfeb

  • SHA1

    d6d2899d50e2bda14938b4c3fdb0a8bf50f653ea

  • SHA256

    16dd868b47e7224f05de8ca00a0ac0371411587ee16c0e8e690c729fd736007e

  • SHA512

    b23c99f46f62dc4e397bea48d8213bc258f5691dbc6b853b6b01596a24ab399a67717706362209387bc7a832a5687b39b631c7bff1b5ba22374e2a25d522ae97

  • SSDEEP

    96:doo8HyMXy2Ks2zFryInwWIrVGyGmZbVDdd0wwKvYOIkioq639SEZp98GB:doo8Hpy2KzNyIn4rVGU1VDv0wGPoq6v3

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\phpdev\includes\legacy\PhpThumb.inc.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3060-4-0x000000001B4D0000-0x000000001B7B2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/3060-6-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3060-5-0x0000000002390000-0x0000000002398000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3060-7-0x00000000025A0000-0x0000000002620000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3060-8-0x00000000025A0000-0x0000000002620000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3060-9-0x00000000025A0000-0x0000000002620000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3060-10-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3060-11-0x00000000025A0000-0x0000000002620000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3060-12-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3060-13-0x00000000025A0000-0x0000000002620000-memory.dmp

    Filesize

    512KB

    Download