Overview

overview

7

Static

static

3

Mauqes.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows10-2004-x64

1

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

LICENSES.c...m.html

windows10-2004-x64

1

asdasdasd.exe

windows10-2004-x64

7

d3dcompiler_47.dll

windows10-2004-x64

3

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows10-2004-x64

3

locales/af.ps1

windows10-2004-x64

1

locales/uk.ps1

windows10-2004-x64

1

resources/elevate.exe

windows10-2004-x64

1

vk_swiftshader.dll

windows10-2004-x64

3

vulkan-1.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...7z.dll

windows10-2004-x64

3

$R0/Uninst...sd.exe

windows10-2004-x64

7

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Resubmissions

16/04/2024, 19:44

240416-yfyf3aag99 7

16/04/2024, 19:29

240416-x7jljscb21 7

Analysis

  • max time kernel
    140s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/04/2024, 19:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    locales/uk.ps1

  • Size

    688KB

  • MD5

    ee70e9f3557b9c8c67bfb8dfcb51384d

  • SHA1

    fc4dfc35cde1a00f97eefe5e0a2b9b9c0149751e

  • SHA256

    54324671a161f6d67c790bfd29349db2e2d21f5012dc97e891f8f5268bdf7e22

  • SHA512

    f4e1da71cb0485851e8ebcd5d5cf971961737ad238353453db938b4a82a68a6bbaf3de7553f0ff1f915a0e6640a3e54f5368d9154b0a4ad38e439f5808c05b9f

  • SSDEEP

    12288:wrccq9nty/KiDswU1nbx05kB3IjUUmEg5KuoLNiXElqnOyh:HGX35EEK

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\locales\uk.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1176
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x47c 0x2ec
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dwsw35so.vug.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • memory/1176-9-0x000001D430760000-0x000001D430782000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1176-10-0x00007FFB92730000-0x00007FFB931F1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1176-12-0x000001D42E540000-0x000001D42E550000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1176-11-0x000001D42E540000-0x000001D42E550000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1176-15-0x00007FFB92730000-0x00007FFB931F1000-memory.dmp

    Filesize

    10.8MB

    Download