Overview

overview

10

Static

static

10

ALL.ps1

windows7-x64

8

ALL.ps1

windows10-2004-x64

8

ALL_2542.vbs

windows7-x64

1

ALL_2542.vbs

windows10-2004-x64

1

ALL_LLLLLL...90.vbs

windows7-x64

1

ALL_LLLLLL...90.vbs

windows10-2004-x64

1

ALL_jjnb.vbs

windows7-x64

1

ALL_jjnb.vbs

windows10-2004-x64

1

ALL_kkkkkk...kk.vbs

windows7-x64

1

ALL_kkkkkk...kk.vbs

windows10-2004-x64

1

ALL_steale...89.vbs

windows7-x64

1

ALL_steale...89.vbs

windows10-2004-x64

1

Server.ps1

windows7-x64

10

Server.ps1

windows10-2004-x64

10

Server_1faa.ps1

windows7-x64

1

Server_1faa.ps1

windows10-2004-x64

10

Server_77251.ps1

windows7-x64

1

Server_77251.ps1

windows10-2004-x64

10

Server_LLL...78.ps1

windows7-x64

1

Server_LLL...78.ps1

windows10-2004-x64

10

Server_asnn.ps1

windows7-x64

1

Server_asnn.ps1

windows10-2004-x64

10

Server_lkmm.ps1

windows7-x64

1

Server_lkmm.ps1

windows10-2004-x64

10

Server_lol123.ps1

windows7-x64

1

Server_lol123.ps1

windows10-2004-x64

10

Server_lol_123.ps1

windows7-x64

1

Server_lol_123.ps1

windows10-2004-x64

10

Server_lol...80.ps1

windows7-x64

1

Server_lol...80.ps1

windows10-2004-x64

10

Server_ste...67.ps1

windows7-x64

1

Server_ste...67.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
  • submitted
    26-03-2024 19:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Server_77251.ps1

  • Size

    1022KB

  • MD5

    2352e6c5e2c71eadedc4b1d1a75eac79

  • SHA1

    4467d978577f2ed268cac8e3027f07637c890de7

  • SHA256

    b12ae24085460abf05fccc1b18438a6894fb7ac6018ee7d35f033911aa4f8ba0

  • SHA512

    5937c03b23cf2ff6992491259c73e7bbcdc3ce3780c373cfeb484eaea0933263f10c270132a61f745e5776fd335ebb83ce77162567c6d958f87632b416f96e5e

  • SSDEEP

    12288:Bm8eHNHc142NYv5rNHI4ppN5mAy5BmqgJr64Zdy670D1wp6gPC9GJTgjse0YRVFU:g06uFBaj

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Server_77251.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1904-4-0x000000001B490000-0x000000001B772000-memory.dmp
    Filesize

    2.9MB

    Download
  • memory/1904-6-0x000007FEF5030000-0x000007FEF59CD000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/1904-7-0x0000000002B70000-0x0000000002BF0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1904-8-0x0000000002B70000-0x0000000002BF0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1904-9-0x0000000002B70000-0x0000000002BF0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1904-5-0x0000000002320000-0x0000000002328000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1904-10-0x000007FEF5030000-0x000007FEF59CD000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/1904-11-0x0000000002B70000-0x0000000002BF0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1904-12-0x000007FEF5030000-0x000007FEF59CD000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/1904-13-0x0000000002B70000-0x0000000002BF0000-memory.dmp
    Filesize

    512KB

    Download