Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 19-04-2024 07:49
Static task: static1
Behavioral task behavioral1: Sample windows_update/file.ps1, Resource win7-20231129-en
Behavioral task behavioral2: Sample windows_update/file.ps1, Resource win10v2004-20240412-en
Behavioral task behavioral3: Sample windows_update/file.vbs, Resource win7-20240319-en
Behavioral task behavioral4: Sample windows_update/file.vbs, Resource win10v2004-20240226-en
Behavioral task behavioral5: Sample fresh.exe, Resource win7-20240221-en
Behavioral task behavioral6: Sample fresh.exe, Resource win10v2004-20240412-en
Behavioral task behavioral7: Sample windows_update/loader.cmd, Resource win7-20231129-en
Behavioral task behavioral8: Sample windows_update/loader.cmd, Resource win10v2004-20240412-en
Behavioral task behavioral9: Sample windows_update/loader.ps1, Resource win7-20240221-en
Behavioral task behavioral10: Sample windows_update/loader.ps1, Resource win10v2004-20240412-en
Behavioral task behavioral11: Sample windows_update/monitors.ps1, Resource win7-20240221-en
Behavioral task behavioral12: Sample windows_update/monitors.ps1, Resource win10v2004-20240412-en
Behavioral task behavioral13: Sample windows_update/payload.ps1, Resource win7-20240221-en
Behavioral task behavioral14: Sample windows_update/payload.ps1, Resource win10v2004-20240412-en
Behavioral task behavioral15: Sample windows_update/update.cmd, Resource win7-20231129-en
Behavioral task behavioral16: Sample windows_update/update.cmd, Resource win10v2004-20240412-en
Behavioral task behavioral17: Sample windows_update/update.vbs, Resource win7-20240215-en
Behavioral task behavioral18: Sample windows_update/update.vbs, Resource win10v2004-20240412-en
Behavioral task behavioral19: Sample windows_update/upload.cmd, Resource win7-20240221-en
Behavioral task behavioral20: Sample windows_update/upload.cmd, Resource win10v2004-20240226-en
Behavioral task behavioral21: Sample windows_update/upload.vbs, Resource win7-20240221-en
Behavioral task behavioral22: Sample windows_update/upload.vbs, Resource win10v2004-20240412-en
Behavioral task behavioral23: Sample windows_update/windows.cmd, Resource win7-20240319-en
Behavioral task behavioral24: Sample windows_update/windows.cmd, Resource win10v2004-20240412-en
Behavioral task behavioral25: Sample windows_update/windows.vbs, Resource win7-20240221-en
Behavioral task behavioral26: Sample windows_update/windows.vbs, Resource win10v2004-20240412-en
General
Target: windows_update/file.ps1
Size: 13.0MB
MD5: 20788a06a96ae4d92417ace4661d559a
SHA1: 239d40f67c27ae2e70c698237a3b27401ef5d37a
SHA256: 8cc2612a8d44d4aebad26bd6ea254ad25f959497391ccfff127a56fad42eb4d5
SHA512: c3bcb3bbf117a933738a85590cf98f0fbd7f995c2b5a559850f089111aac87a774c42110da4237f31bd49a9d7ae2751d77eb3f72aac130c81163c13d58383511
SSDEEP: 49152:QZuX/CRIRerx1exkxTf0i0vcfo/wFlAPp5Bl0jNlD33oi:
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes:
pid 2468, process powershell.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
description Token: SeDebugPrivilege, pid 2468, process powershell.exe
Downloads