Overview

overview

3

Static

static

3

WindowsPow...on.ps1

windows7-x64

1

WindowsPow...on.ps1

windows10-2004-x64

1

WindowsPow...ab.ps1

windows7-x64

1

WindowsPow...ab.ps1

windows10-2004-x64

1

WindowsPow...er.ps1

windows7-x64

1

WindowsPow...er.ps1

windows10-2004-x64

1

WindowsPow...er.ps1

windows7-x64

1

WindowsPow...er.ps1

windows10-2004-x64

1

WindowsPow...ma.ps1

windows7-x64

1

WindowsPow...ma.ps1

windows10-2004-x64

1

WindowsPow...ce.ps1

windows7-x64

1

WindowsPow...ce.ps1

windows10-2004-x64

1

WindowsPow...ce.ps1

windows7-x64

1

WindowsPow...ce.ps1

windows10-2004-x64

1

WindowsPow...ce.ps1

windows7-x64

1

WindowsPow...ce.ps1

windows10-2004-x64

1

WindowsPow...ce.ps1

windows7-x64

1

WindowsPow...ce.ps1

windows10-2004-x64

1

WindowsPow...ce.ps1

windows7-x64

1

WindowsPow...ce.ps1

windows10-2004-x64

1

WindowsPow.../M.ps1

windows7-x64

1

WindowsPow.../M.ps1

windows10-2004-x64

1

WindowsPow...ce.ps1

windows7-x64

1

WindowsPow...ce.ps1

windows10-2004-x64

1

WindowsPow...ce.ps1

windows7-x64

1

WindowsPow...ce.ps1

windows10-2004-x64

1

WindowsPow...ce.ps1

windows7-x64

1

WindowsPow...ce.ps1

windows10-2004-x64

1

WindowsPow...ce.ps1

windows7-x64

1

WindowsPow...ce.ps1

windows10-2004-x64

1

WindowsPow...ce.ps1

windows7-x64

1

WindowsPow...ce.ps1

windows10-2004-x64

1

Resubmissions

15-04-2024 17:37

240415-v66nksed8w 7

15-04-2024 17:34

240415-v5ll1sed3z 7

15-04-2024 17:30

240415-v3fmzsca66 3

15-04-2024 17:27

240415-v1vdcseb8w 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    WindowsPowerShell.zip

  • Size

    2.9MB

  • Sample

    240415-v3fmzsca66

  • MD5

    4beaf6b031c0c5207b19918913b57e0d

  • SHA1

    c9856b91a671619302799d166875cfda119fb121

  • SHA256

    0432dca5d3f8623103c1e112f052a4ed7990d550b029c445858ffc94a9abe65b

  • SHA512

    3eb79e807c5a8ecda39d8da9591bef48d7db49004ad052c6e2e4a53d922cd97d2ded480c04d5397b946f9a0bc5944d2a45dc026fe35919e0c9aa63715b47095e

  • SSDEEP

    49152:VDMkyxtSYe6vWnyXkeC9TDVG2wl9Bs1DIN1BWWh7PbCpoV0pX8o7mQuzg7pVa1GV:Gky33e6+nmCts2cBN5Cpc0986wqm1gt1

Score
3/10

Malware Config

Targets

    • Target

      WindowsPowerShell/v1.0/Modules/NetTCPIP/Test-NetConnection.psm1

    • Size

      28KB

    • MD5

      e21ced8efdfc6ae941ce25e03d89afdc

    • SHA1

      ecef978de489e9209ab175801a346946eafe3cc4

    • SHA256

      4c79584054c4f84614963514af7afe4ac9af50f55de745757828f0da60171036

    • SHA512

      b0f6cdd3e8ba5517d574e36a1a45799a0a218c9e55292749fd7730516a9e0c180af356566099edbb9956760ce0f36fb0bda39b2551b80e816655898c78c0f96e

    • SSDEEP

      192:q8cxk7gtVinbATknkkDSL04Jgnv/dNBfozeZhwWbggWwhgOg034+0mder9IEg/6A:5cxhLujlvVNqeZqFcgS4+bo9vEoyJxR

    Score
    1/10
    behavioral1behavioral2

    • Target

      WindowsPowerShell/v1.0/Modules/PSDesiredStateConfiguration/DSCClassResources/WindowsPackageCab/WindowsPackageCab.psm1

    • Size

      35KB

    • MD5

      b29f0d0c61cc91d9091bc38e208cceaf

    • SHA1

      de6a02520e1d7325025f2761a97d36e407e8490c

    • SHA256

      326669c4a31e2049e3750bcf4287241bb8b555b3670d31a1aca74c3ac598df81

    • SHA512

      b8dd0d1c9d5222a2a45c7e956f72dfe64de928c27b3873d3552d4e305958679c739bda3af6f84f39e79dbb05dfc3dc30304acfc70d9c1021e140851132d6aae5

    • SSDEEP

      384:v9KyeyaA4HZzs2rflLMB6ODfW3/lyAI9/p/tx1C3e5ekHC+LzvmoaJR30pPmTl:v8Lq2r+B6FkySHC+nmRJRkpPWl

    Score
    1/10
    behavioral3behavioral4

    • Target

      WindowsPowerShell/v1.0/Modules/PSDesiredStateConfiguration/DSCResources/CompositeResourceHelper.psm1

    • Size

      3KB

    • MD5

      3ef0b1ffdddc2a4596620306a5a74413

    • SHA1

      e5be706a360dfc71f3829375144f5f2c0727a264

    • SHA256

      4fb57f6a5fe776a46f8a7631d461c43ad103931b45ed674dc5bbd837195591bf

    • SHA512

      072fd63d2e5c205a37ce379319c2bbec4e04840fd41fce7dbf41f29fa024c508d28a04f71d0e268b20112fad6b55428d8626b9fa78db2fd3387b9a73b0f483a7

    Score
    1/10
    behavioral5behavioral6

    • Target

      WindowsPowerShell/v1.0/Modules/PSDesiredStateConfiguration/DSCResources/DSCResourceHelper.psm1

    • Size

      378B

    • MD5

      e2cd488ff94f2d5db9d940ff184632c4

    • SHA1

      d6f1401464b305ff715a6c562f729d65e8d4fe99

    • SHA256

      278e816943020aa1ef6c585636da1035e4d456cb1fb07e9a34a21d2690ef573f

    • SHA512

      46425717333dd251a079572a527ec11ff4ca1f6a8a8e7d2959512b867b6416630374153e5244bed06e52b48bff751a8b9a5ee6e71c4bc64c8bf8e4c532941b5a

    Score
    1/10
    behavioral7behavioral8

    • Target

      WindowsPowerShell/v1.0/Modules/PSDesiredStateConfiguration/DSCResources/GroupSet/GroupSet.Schema.psm1

    • Size

      1KB

    • MD5

      dab79e1f2220d0a4b126eeb8883eb868

    • SHA1

      8646d79f996544d312e3d70f46155b863190b748

    • SHA256

      5bd66229fcadf1fcc0ccfc7f880d44c8e5fa06e4e861b6504d41a553a50cf262

    • SHA512

      fe04cb7e679ba33c763bf5d85908540e96ab7efd80d95ca8783bd64e1a29485b74adfb1cf640821b736cd2f23de653f0194012b535b932c955cbc995d0c7a669

    Score
    1/10
    behavioral10behavioral9

    • Target

      WindowsPowerShell/v1.0/Modules/PSDesiredStateConfiguration/DSCResources/MSFT_ArchiveResource/MSFT_ArchiveResource.psm1

    • Size

      38KB

    • MD5

      a5a5206edce88c864cddd4fa80a320bf

    • SHA1

      7edc40a2a3cd99c7dacf985f32897abeb911cae6

    • SHA256

      163b8f591fe315b00ad753c5450316cb9eef82b4cc53d0b24573aad40547cc35

    • SHA512

      8a93118c41d79ca0c6b603054581a3aa67c2384f7e8d2ac14c48a7314a664d94e33bbe80e740895fdc19d0637e7e9f04f03c5722a4442e37e204cb13cc40a1a1

    • SSDEEP

      384:iD8OL5GACJu8UiB9g/9fSrJGIErRtOCtFDrf74/6KkBpFFD1mEQcjodH4gH66km/:e8OLedCnIt8KWcdzVm2/zB

    Score
    1/10
    behavioral11behavioral12

    • Target

      WindowsPowerShell/v1.0/Modules/PSDesiredStateConfiguration/DSCResources/MSFT_EnvironmentResource/MSFT_EnvironmentResource.psm1

    • Size

      26KB

    • MD5

      f2fcbf1cd900c3eb4880ddd7155a061c

    • SHA1

      c5e22c2fb7962a93016dd7a492a8f8cb3ba62211

    • SHA256

      4bc67e09711eca67ad549ee28478dd742a1fa8a8b2f220249add6aede0245981

    • SHA512

      5ab2331261290d9a5cdf02279039c24baa8804cf0540b019d97822a904b86699b8ed5b247d077b6c05c5816c73dbddb397a8a9a78bd9645fe470b087ee29c8ce

    • SSDEEP

      384:rQeGU10BO36z3YJcrwnF3rJSk1h3CD0Dxib+7gy8i:NVnnG+N

    Score
    1/10
    behavioral13behavioral14

    • Target

      WindowsPowerShell/v1.0/Modules/PSDesiredStateConfiguration/DSCResources/MSFT_GroupResource/MSFT_GroupResource.psm1

    • Size

      77KB

    • MD5

      c15068d821194a932f412cbd80a31a33

    • SHA1

      ffdfee0693dc9ad3a630321e043a9a9e84f0d224

    • SHA256

      4614034b07246b4ad4e1ba3e3c657e19395eba7b6c2111262166695a505515a4

    • SHA512

      4b3879ccbc9339c3bf674c59089bd2cd81060f96cfffd6c7dfa8bcb7ed66bc442700d8163242dce98d1bd39bffc6fbb367dd714cca02fe84a1c5b4b17ad4131a

    • SSDEEP

      1536:mxGFwtzHPBM4DBwJoGY+5WFyuqYTpBdpeJeJUaGuXVXDSdPum7srZnVR8MXAxW:mYFSGz16zsPum7QVRTXAxW

    Score
    1/10
    behavioral15behavioral16

    • Target

      WindowsPowerShell/v1.0/Modules/PSDesiredStateConfiguration/DSCResources/MSFT_PackageResource/MSFT_PackageResource.psm1

    • Size

      29KB

    • MD5

      ab836d06051ceeaca0877ac780dcd4aa

    • SHA1

      608183965caf7bf7733aae1450cbc97f32b8f963

    • SHA256

      e375fa32e10537d28e279379c3bf4c0a761f6a33c88dbcbd9b34c13173fa3c07

    • SHA512

      f802e7e0974d1a6b41c85b36debed4c243d7426d25924e61a4bb6eaaa0d1061516b2730e95b807235717116d2c58b5592ea84be0d3911a267676773c03f43288

    • SSDEEP

      384:wke9QGEigGCSgBpxATHywflhV8qFSS2Kl1JLvaaCCxFSbJgjBMw7S0mx1VWVvbav:wke9QziHPzb6faCzEFBvQHp1

    Score
    1/10
    behavioral17behavioral18

    • Target

      WindowsPowerShell/v1.0/Modules/PSDesiredStateConfiguration/DSCResources/MSFT_ProcessResource/MSFT_ProcessResource.psm1

    • Size

      22KB

    • MD5

      403a3a7e0e95742d675c4abe09c72bc3

    • SHA1

      a965de8885a49a963ded641a09dba88919e80539

    • SHA256

      45c656815feded87c81c9ad5566ac6e11468441206e6737199ef9dcd5310037d

    • SHA512

      d20e3eb47376f208e3ebd04121f6f4414611526426bd8d9c749fb8ed8b54fd03703fa3390bf75f1c5bc79a9b31c4b627ea0d73fa6357f7c1a085d6c9c6858ce0

    • SSDEEP

      384:uBIVFwB/PcKbgldd3keF0xcgSc1yC293rc1yfJgOCOtViyeNc9tRxfW8:eIVFwB/Pcldd3keKdYddVhDViyJ

    Score
    1/10
    behavioral19behavioral20

    • Target

      WindowsPowerShell/v1.0/Modules/PSDesiredStateConfiguration/DSCResources/MSFT_ProcessResource/en-US/MSFT_ProcessResource.strings.psd1

    • Size

      3KB

    • MD5

      a709c70bbf5b48f47a2d985bb045e381

    • SHA1

      888f8a986eb2929ab715f2439cc753740051d94a

    • SHA256

      20f8b0b178efd4b32af4697d88fc20dcd2efcbd17ac6321488c3b860f1c60230

    • SHA512

      3deb3604f8336d59d84096a76cb7c440f42aee288c7c9410bafd5d997c2f85781cc78051a173c628481a7f45673bbb49da77e820ba0b9942169d428f9c28759d

    Score
    1/10
    behavioral21behavioral22

    • Target

      WindowsPowerShell/v1.0/Modules/PSDesiredStateConfiguration/DSCResources/MSFT_RegistryResource/MSFT_RegistryResource.psm1

    • Size

      37KB

    • MD5

      c9373c5f671e9a9000a88f51de6cc8c4

    • SHA1

      e7dcf08a12de4ab9ff212160946a06868df8e6b5

    • SHA256

      2014d15de845491a80be1132ca3784d60ed8e1315cf5942912956163d4bf6f4f

    • SHA512

      0354024b2297a27357d16051332815cef3176679c985bf9becc6812b7599874308249a83a9b47616253d80c43d8de305d511ae40fce2e0798f037a378b729179

    • SSDEEP

      768:In0wpmRahlfg7JFw0wUmg5A4AVn/g4AZWZK4AWxCuUUrFbio17lV9w:I0wpmRahlfg7JFw0wUmg5A4AVn/g4AZd

    Score
    1/10
    behavioral23behavioral24

    • Target

      WindowsPowerShell/v1.0/Modules/PSDesiredStateConfiguration/DSCResources/MSFT_RoleResource/MSFT_RoleResource.psm1

    • Size

      21KB

    • MD5

      9df9fe978590c2e04565ab17ced37ca8

    • SHA1

      61afdcc87f75d372d68eda5ee2a072b764b78865

    • SHA256

      cf3074aeb3ae3a5ccfa7286f25beb0b4ea71bf2444d5efa045ec20ab259d1695

    • SHA512

      b70937bc133e4a40b8a98b6a9ae17dda148bb4a1145b7f4e15b2de5e23ea07e2e3571ddbc7864d2a0aa5969ba2e2f304942aaeb597d09a7a8f6903c64e494e21

    • SSDEEP

      384:3s1F6XSaQuR6N4zvuR6NtrERxUQ8AWrbx:kB8y2bx

    Score
    1/10
    behavioral25behavioral26

    • Target

      WindowsPowerShell/v1.0/Modules/PSDesiredStateConfiguration/DSCResources/MSFT_ScriptResource/MSFT_ScriptResource.psm1

    • Size

      12KB

    • MD5

      6c56d656d8a031524626607042df12ce

    • SHA1

      aad050e65827168b193103874ab0c40854607738

    • SHA256

      74d9287f86c0eac13fe5301dc7988eadc9447fbe4829e97e394872e57240be54

    • SHA512

      818faef2c7f2db1af2f5f1c6e9c976bcb05ac5acc9b47563d0fdd86eb746b935ac401d98822162d13b6a47acc94c3fac73e543ea91b19b609aa70469a4777a3e

    • SSDEEP

      96:KcwS/B8RUtqvvUjJAKqwATFxuJoQIct+Gq7IxJthN101qw8Szu4V/Mzunu1uwWnR:pj9JAKq07t+GqkH101qVpQ

    Score
    1/10
    behavioral27behavioral28

    • Target

      WindowsPowerShell/v1.0/Modules/PSDesiredStateConfiguration/DSCResources/MSFT_ServiceResource/MSFT_ServiceResource.psm1

    • Size

      41KB

    • MD5

      66ec70c6a19b316c90fe77129d210054

    • SHA1

      49897df1a5443326d268ddd9aad5ba2ee3310314

    • SHA256

      689f3392d1057dfdbf5a08902440cb616ae5105d0c161de313305391e7a518ef

    • SHA512

      d0a703984058e2c3079825483516238229db52fcb14aee8fe79d758178bd8acfb2e2dd59fe7c87f4816e54ecc497e6c657c4624ec4c8013f99d99596dc17f5e2

    • SSDEEP

      384:+xyVkVrtJUe4tjBkx7yzZZOe4tjBkPjyz9mz4wmcRci2ED04re4kvWKueaUMnT6N:+Bo9yBJZJcNSDDmVg

    Score
    1/10
    behavioral29behavioral30

    • Target

      WindowsPowerShell/v1.0/Modules/PSDesiredStateConfiguration/DSCResources/MSFT_UserResource/MSFT_UserResource.psm1

    • Size

      34KB

    • MD5

      4d50c59e77481a61fc41eba8b9278234

    • SHA1

      1e00a33509c773a6da8e044eae506a0ddd6ccf94

    • SHA256

      b0caa0c3b9535c57a965610a2ab3c3554b34038f4d9460050ab02753c96845f9

    • SHA512

      a5338d663f354899fcf96ea9d51cfd7909e0138d9088e034b6048274833a8a5cffc7a9da2cb34a2b951d0a2ce5e63d6c7defe64d7cc7871c5a8d6c89c9499fa6

    • SSDEEP

      384:PbswwJoZwJoSaTWwJoW8enMwJo3TbWSBvaKwJoW8fox1wJo3Hrnc/UVhfW8N8Hvc:PbYV+xvn+qJP22qyf3SY

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Matrix

Tasks