79d6b1b6b1ecb446b0f49772bf4da63fcec6f6bfc7c2e1f4924cb7acbb3b4f53

General

Target

79d6b1b6b1ecb446b0f49772bf4da63fcec6f6bfc7c2e1f4924cb7acbb3b4f53.ps1
Size

5KB
MD5

ba83831700a73661f99d38d7505b5646
SHA1

209ffbc8ba1e93167bca9b67e0ad3561c065595d
SHA256

79d6b1b6b1ecb446b0f49772bf4da63fcec6f6bfc7c2e1f4924cb7acbb3b4f53
SHA512

408642bf6df33ab7f3b77524e9a9042a9d5c6c7586e41edb68f3bd185cead83661dd5873c272ecc3801ccf7549c2e003c02ecfac19a375ad4e7f2035f57aa6ed
SSDEEP

96:DKoOEcy54jHdcGqzQtxmR2P72gFulz/sDQJvsE016lGQnT7rjHQduiSWUo:su4jHdcrzQtxmeqCKz/nvV2EnT7rM+g

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1996	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1996	powershell.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2552	1996	powershell.exe	29
PID 1996 wrote to memory of 2552	1996	powershell.exe	29
PID 1996 wrote to memory of 2552	1996	powershell.exe	29
PID 2552 wrote to memory of 2936	2552	csc.exe	30
PID 2552 wrote to memory of 2936	2552	csc.exe	30
PID 2552 wrote to memory of 2936	2552	csc.exe	30

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\79d6b1b6b1ecb446b0f49772bf4da63fcec6f6bfc7c2e1f4924cb7acbb3b4f53.ps1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cf9m1gxa.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2C6E.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC2C6D.tmp"
    3⤵
    PID:2936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES2C6E.tmp

Filesize
1KB

MD5
3d101a23c6d7d1232f1d453b259b5a17

SHA1
6b9136307fe957ef0f9fb9e46af5ffacd5c82d13

SHA256
b9aad53425fda695072a3f5ff35e0d5977eadb50a4ef7185a0ee32b4dc23188b

SHA512
006ffefe646ce8c327c70091498202cd77edf25788893eb1a838908ee0def73dc46c2297cb9b7f51a0d477e668032e668d0184319cff38399e0df15bddfc012f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cf9m1gxa.dll

Filesize
3KB

MD5
e709156d4a83d92fc1b068def9d2b8ef

SHA1
a97b8f23cd5cf2da461a5dd561c162652d0b1769

SHA256
6066ea7b00962162579908eb7350a5fa9852b2d26f479ca1145d19cc92409e83

SHA512
57bdf98da2ee5961230b82b43bec4fa9a0bb9b6963eada84bf4009c0d4d1ee3c6692c1c255edc9c73a73a90f43975c44697a7c25099fbaf0e91219f292d55528

Download Submit
C:\Users\Admin\AppData\Local\Temp\cf9m1gxa.pdb

Filesize
7KB

MD5
00097d09e419a592e272c5f19d5228f3

SHA1
0dd7ffbe2334667192665cb3a0abf83265b8b1dc

SHA256
b8d70eb746e53ae615f287ca722580d47621e55921705b666799e54a2164c707

SHA512
118091b832e5167b63c64ff81e0078a9d43a7424e7410145cdb9b7c9fba869f490e74dfc8691a4b9daafa3cb4d5596cbdeef401b2fe6781f8e85ecc0592b1d78

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC2C6D.tmp

Filesize
652B

MD5
78bddeeb5aad614ed495249099d69268

SHA1
943dda51ebb0186e437701cced0ac5624db63783

SHA256
a2df7d0785578c45dd3928e0a5a524d350eb9e867f6faa66612054572762ac33

SHA512
435421745a1d59ea9cda13434879aa28531e8793ec87b43bb52391c62eb2603de457b91438532c0a8f9845e0bd71b586db15b0e8fc5b4058dfb3e062128d1ea8

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\cf9m1gxa.0.cs

Filesize
726B

MD5
dc5f0d05fbd2c9662cf7b22ac013f2a0

SHA1
433033f181fc23fa1d305997bec35c0312c7a1d1

SHA256
57a734205517041ac36ae99eb1bacc5d714b25fe0e111eefc22e8530172a4338

SHA512
50fe3167403f75670f851913fe84cfd29a670acfaaa787157ebffc89529d4013573d8536cfbf4504e28b90021cf5684641803f82e27000f266206e0e77a57142

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\cf9m1gxa.cmdline

Filesize
309B

MD5
b81d7cf4b3b4b9c78aba7341a86e7f62

SHA1
e5d2837833996648c0e89701c7b96c1800fd4354

SHA256
fc9ae613f3bd18cd92e88976cd6c6b425b5a3035fed2cf2af94f0eacbc7b516b

SHA512
10f0fa98c711b61a69677160e600422cb8dca9d017e721a6171a4342056b6988fc390f9dd0c482b5c2154ad46c77ed2478609f3b376ef2c112c215f03cddda88

Download Submit
memory/1996-11-0x000007FEF5740000-0x000007FEF60DD000-memory.dmp

Filesize
9.6MB

Download
memory/1996-14-0x0000000002E10000-0x0000000002E90000-memory.dmp

Filesize
512KB

Download
memory/1996-13-0x0000000002E10000-0x0000000002E90000-memory.dmp

Filesize
512KB

Download
memory/1996-4-0x000000001B710000-0x000000001B9F2000-memory.dmp

Filesize
2.9MB

Download
memory/1996-7-0x0000000002E10000-0x0000000002E90000-memory.dmp

Filesize
512KB

Download
memory/1996-6-0x000007FEF5740000-0x000007FEF60DD000-memory.dmp

Filesize
9.6MB

Download
memory/1996-25-0x0000000002AF0000-0x0000000002AF8000-memory.dmp

Filesize
32KB

Download
memory/1996-5-0x0000000001E60000-0x0000000001E68000-memory.dmp

Filesize
32KB

Download
memory/1996-28-0x0000000002C20000-0x0000000002C21000-memory.dmp

Filesize
4KB

Download
memory/1996-30-0x000007FEF5740000-0x000007FEF60DD000-memory.dmp

Filesize
9.6MB

Download
memory/2552-16-0x00000000021A0000-0x0000000002220000-memory.dmp

Filesize
512KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads